Releases: santhsecurity/gossan

v0.3.2 — correctness + precision patch

16 May 03:15
@santhsecurity santhsecurity


Correctness fixes

  • Engine rate limiter math fix — configured rate_pps was overshooting by 1000× (10k pps configured delivered ~10M pps observed). Internal scale changed from ×1000 to ×1000000 so the per-μs refill now matches the configured rate at every value. Affects every synscan-style burst.
  • Five correlation rules tightened to prevent cross-target false positives:
    • admin_exposed: a generic "Missing X header" finding no longer chains with an admin panel finding to claim "admin without auth".
    • source_secrets, cors_secret_chain, wildcard_takeover, ssrf_internal: now require source/secret signals to share a host (or parent domain) before chaining.
    • debug_rce: emits one chain per host instead of one chain whose target field misrepresents which host the listed endpoints actually live on.
    • api_auth: now normalizes target hosts so http vs https vs port variants cluster.
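
The rate limiter entry above is easiest to see in code. The block below is an added example, not gossan's own engine code: a token bucket that keeps its balance in scaled integer units and refills once per microsecond with a shortcut (`elapsed_us * rate_pps`) that is only exact when the scale is 1_000_000. Running the same bucket with a scale of 1_000 reproduces the 10k-configured / 10M-observed overshoot from the notes. The struct, the simulation loop and the two scale constants are all hypothetical.

```rust
// Added example, not gossan's own code. Balance is kept in "scaled units";
// one packet costs `scale` units, so scale == 1_000_000 means micro-tokens.
pub struct TokenBucket {
    rate_pps: u64, // configured packets per second
    scale: u64,    // scaled units per packet
    tokens: u64,   // current balance in scaled units
    last_us: u64,  // timestamp of the last refill, microseconds
}

impl TokenBucket {
    pub fn new(rate_pps: u64, scale: u64) -> Self {
        TokenBucket { rate_pps, scale, tokens: 0, last_us: 0 }
    }

    /// Credit the bucket for the microseconds elapsed since the last refill.
    ///
    /// The exact per-microsecond refill is rate_pps * scale / 1_000_000 units.
    /// The shortcut below drops the "* scale / 1_000_000" factor. That is
    /// harmless when scale == 1_000_000, but over-credits by 1_000_000 / scale
    /// otherwise: with scale == 1_000 each microsecond hands out rate_pps
    /// milli-tokens, i.e. rate_pps * 1000 packets per second.
    pub fn refill(&mut self, now_us: u64) {
        let elapsed = now_us.saturating_sub(self.last_us);
        self.last_us = now_us;
        let credit = elapsed.saturating_mul(self.rate_pps);
        // Burst cap: never bank more than one second's worth of packets.
        let cap = self.rate_pps.saturating_mul(self.scale);
        self.tokens = self.tokens.saturating_add(credit).min(cap);
    }

    /// Spend one packet's worth of units if the balance allows it.
    pub fn try_send(&mut self) -> bool {
        if self.tokens >= self.scale {
            self.tokens -= self.scale;
            true
        } else {
            false
        }
    }
}

/// Hypothetical constants standing in for the pre-fix and post-fix scales.
pub const BUGGY_SCALE: u64 = 1_000;
pub const FIXED_SCALE: u64 = 1_000_000;

/// Simulate `duration_us` microseconds, draining the bucket every tick, and
/// return how many packets would have left the engine in that window.
pub fn simulate_packets(rate_pps: u64, scale: u64, duration_us: u64) -> u64 {
    let mut bucket = TokenBucket::new(rate_pps, scale);
    let mut sent = 0u64;
    for now in 1..=duration_us {
        bucket.refill(now);
        while bucket.try_send() {
            sent += 1;
        }
    }
    sent
}

fn main() {
    for (label, scale) in [("buggy x1000", BUGGY_SCALE), ("fixed x1000000", FIXED_SCALE)] {
        let sent = simulate_packets(10_000, scale, 1_000_000);
        println!("{label}: 10k pps configured -> {sent} packets in one second");
    }
}
```

With the fixed scale a 10k pps bucket releases exactly 10,000 packets per simulated second, and the same holds for any other rate, which is what "matches the configured rate at every value" means. The bucket keeps a one-second burst cap so the arithmetic stays bounded in u64; a real engine would also want the refill to be robust against clock jumps, which this sketch only handles with saturating subtraction.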

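The four correlation entries above share one mechanism: reduce each finding's target to a host, and only chain findings whose hosts match or are in a parent/child domain relation. The block below is an added example, not gossan's own correlation code. It uses only the standard library; the rule names in the sample findings are constructed, and `normalize_host`, `shares_host_or_parent`, `Finding` and `Chain` are hypothetical helpers.

```rust
// Added example, not gossan's own code: host normalization plus a same-host /
// parent-domain gate for chaining findings across rules.
use std::collections::BTreeMap;

/// Reduce a URL or host:port target to a lowercase hostname, so that
/// "http://Example.com:8080/x" and "https://example.com" both cluster as
/// "example.com". Bracketed IPv6 literals keep their brackets.
pub fn normalize_host(target: &str) -> Option<String> {
    let t = target.trim();
    // Drop the scheme if there is one.
    let rest = match t.find("://") {
        Some(i) => &t[i + 3..],
        None => t,
    };
    // Keep only the authority: cut at the first '/', '?' or '#'.
    let authority = rest.split(|c: char| c == '/' || c == '?' || c == '#').next()?;
    // Drop userinfo ("user:pass@host").
    let hostport = authority.rsplit('@').next()?;
    // Strip the port.
    let host = if hostport.starts_with('[') {
        let end = hostport.find(']')?;
        &hostport[..=end]
    } else {
        hostport.split(':').next()?
    };
    let host = host.trim_end_matches('.').to_ascii_lowercase();
    if host.is_empty() { None } else { Some(host) }
}

/// True when both targets name the same host, or one host is a parent
/// domain of the other. The dot boundary matters: "notexample.com" is not a
/// parent of "example.com".
pub fn shares_host_or_parent(a: &str, b: &str) -> bool {
    match (normalize_host(a), normalize_host(b)) {
        (Some(x), Some(y)) => {
            x == y || x.ends_with(&format!(".{y}")) || y.ends_with(&format!(".{x}"))
        }
        _ => false,
    }
}

/// Minimal stand-in for a scanner finding: which rule fired, and where.
#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub rule: &'static str,
    pub target: String,
}

/// A chain of findings reported against one host.
#[derive(Debug, PartialEq)]
pub struct Chain {
    pub host: String,
    pub rules: Vec<&'static str>,
}

/// Two-signal chain (the source_secrets / cors_secret_chain shape): only
/// emitted when both findings sit on the same host or parent domain. The
/// chain is reported against the more specific host so its target field
/// names where the endpoints actually live.
pub fn chain_if_related(a: &Finding, b: &Finding) -> Option<Chain> {
    if !shares_host_or_parent(&a.target, &b.target) {
        return None;
    }
    let ha = normalize_host(&a.target)?;
    let hb = normalize_host(&b.target)?;
    let host = if ha.len() >= hb.len() { ha } else { hb };
    Some(Chain { host, rules: vec![a.rule, b.rule] })
}

/// Per-host grouping (the debug_rce shape): one chain per normalized host
/// rather than a single chain whose target hides which host each endpoint
/// belongs to. BTreeMap gives a stable, sorted output order.
pub fn group_chains_by_host(findings: &[Finding]) -> Vec<Chain> {
    let mut by_host: BTreeMap<String, Vec<&'static str>> = BTreeMap::new();
    for f in findings {
        if let Some(h) = normalize_host(&f.target) {
            by_host.entry(h).or_default().push(f.rule);
        }
    }
    by_host.into_iter().map(|(host, rules)| Chain { host, rules }).collect()
}
```

The parent-domain test is a plain suffix check with a dot boundary. It has no public-suffix list, so two unrelated customers of one hosting domain would only be treated as related if one target were literally the shared suffix itself; if that is a concern in a deployment, the check should consult a public-suffix list before accepting the parent relation.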
Defense in depth

  • 13 unbounded .json().await calls in intel sources (Shodan, VirusTotal, Censys, URLScan, GreyNoise, AbuseIPDB, ipinfo, PassiveDNS) now route through gossan_core::net::bounded_json with per-source caps.
  • JsonBackend::load() no longer follows arbitrary nodes_file/edges_file paths from the manifest — guards against path-traversal and information disclosure via parse-error messages.
  • insecure_tls=true now emits a one-shot warning at scan start so a degraded TLS posture is always visible in logs.
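
The JsonBackend::load() entry above describes a loader that must not open whatever path the manifest names. The block below is an added example, not gossan's JsonBackend: it confines manifest-supplied file names to the backend directory by accepting only plain relative paths made of normal components (no root, no `..`), and reports read failures by logical name rather than by content. The `nodes_file` / `edges_file` field names follow the release notes; `Manifest`, `LoadError` and the helper functions are hypothetical.

```rust
// Added example, not gossan's own code: confine manifest-referenced files to
// the backend's directory and keep error messages free of file content.
use std::fs;
use std::path::{Component, Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum LoadError {
    /// The manifest named a path that is not a plain relative file name.
    PathRejected(String),
    /// The file could not be read; only the logical name is reported.
    Unreadable(String),
}

/// Accept only a relative name whose every component is a normal path
/// segment (rejects "", "/abs", "../x" and "./x"), and anchor it under `base`.
pub fn confine_to_base(base: &Path, name: &str) -> Result<PathBuf, LoadError> {
    let rel = Path::new(name);
    let all_normal = rel.components().all(|c| matches!(c, Component::Normal(_)));
    if name.is_empty() || !all_normal {
        return Err(LoadError::PathRejected(name.to_string()));
    }
    Ok(base.join(rel))
}

/// Read one manifest-referenced file. An I/O failure maps to an error that
/// carries the logical name only, so the message cannot leak what was (or
/// was not) at the resolved path.
pub fn load_confined(base: &Path, name: &str) -> Result<Vec<u8>, LoadError> {
    let path = confine_to_base(base, name)?;
    fs::read(&path).map_err(|_| LoadError::Unreadable(name.to_string()))
}

/// Minimal manifest stand-in with the two fields named in the release notes.
pub struct Manifest {
    pub nodes_file: String,
    pub edges_file: String,
}

/// Load both graph files; either one being rejected fails the whole load.
pub fn load_graph(base: &Path, m: &Manifest) -> Result<(Vec<u8>, Vec<u8>), LoadError> {
    let nodes = load_confined(base, &m.nodes_file)?;
    let edges = load_confined(base, &m.edges_file)?;
    Ok((nodes, edges))
}
```

The check is lexical on purpose: it needs no filesystem access and cannot be confused by a path that does not exist yet. It does not defend against a symlink placed inside the base directory; a backend that loads from a directory other people can write to should additionally canonicalize the resolved path and verify it still starts with the canonicalized base.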

v0.3.1 — security patch

15 May 18:22
@santhsecurity santhsecurity


  • Embed 888 keyhog detectors directly in gossan-keyhog-lite (end users now get a working scanner instead of a silent no-op)
  • Bound 4 unbounded HTTP body reads (waf, sitemap, wasm, gitlab) — protects against OOM from hostile origins
  • Fix soft404::read_limited to use streaming bound (previous version still loaded full body before checking the cap)
  • Warn once when insecure_tls=true so degraded TLS posture is always visible
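
The bounded body reads in this release and the `bounded_json` routing in 0.3.2 rest on the same distinction the soft404::read_limited fix names: a cap checked after `read_to_end` has already buffered the whole body protects nothing. The block below is an added example, not gossan's `read_limited` or `bounded_json`; it contrasts a streaming bound built on `Read::take` with the read-then-check pattern, using a constructed in-memory reader that counts how many bytes each version pulled from the "socket". Only std::io is used, so it runs offline; `CountingReader` and both reader functions are hypothetical.

```rust
// Added example, not gossan's own code: a streaming body bound versus the
// read-everything-then-check pattern.
use std::io::{self, Read};

#[derive(Debug, PartialEq)]
pub enum BodyError {
    TooLarge { cap: usize },
    Io(String),
}

/// Streaming bound: pulls at most cap + 1 bytes from the source, so a hostile
/// origin streaming gigabytes cannot push memory past the cap. The extra byte
/// is how we learn the body was larger than allowed.
pub fn read_body_limited<R: Read>(mut src: R, cap: usize) -> Result<Vec<u8>, BodyError> {
    let mut buf = Vec::with_capacity(cap.min(64 * 1024));
    let mut limited = src.by_ref().take(cap as u64 + 1);
    limited
        .read_to_end(&mut buf)
        .map_err(|e| BodyError::Io(e.to_string()))?;
    if buf.len() > cap {
        return Err(BodyError::TooLarge { cap });
    }
    Ok(buf)
}

/// The defective pattern: the whole body is buffered first, so the cap only
/// rejects after the allocation it was meant to prevent has already happened.
pub fn read_body_then_check<R: Read>(mut src: R, cap: usize) -> Result<Vec<u8>, BodyError> {
    let mut buf = Vec::new();
    src.read_to_end(&mut buf)
        .map_err(|e| BodyError::Io(e.to_string()))?;
    if buf.len() > cap {
        return Err(BodyError::TooLarge { cap });
    }
    Ok(buf)
}

/// Constructed stand-in for a network socket: serves `total` bytes of filler
/// and records how many bytes the consumer actually pulled.
pub struct CountingReader {
    remaining: usize,
    pub pulled: usize,
}

impl CountingReader {
    pub fn new(total: usize) -> Self {
        CountingReader { remaining: total, pulled: 0 }
    }
}

impl Read for CountingReader {
    fn read(&mut self, out: &mut [u8]) -> io::Result<usize> {
        let n = out.len().min(self.remaining);
        for b in &mut out[..n] {
            *b = b'{';
        }
        self.remaining -= n;
        self.pulled += n;
        Ok(n)
    }
}

/// Run both readers against a `body_len`-byte body with the given cap and
/// return (bytes pulled by the streaming bound, bytes pulled by read-then-check).
pub fn bytes_pulled(body_len: usize, cap: usize) -> (usize, usize) {
    let mut streaming = CountingReader::new(body_len);
    let _ = read_body_limited(&mut streaming, cap);
    let mut naive = CountingReader::new(body_len);
    let _ = read_body_then_check(&mut naive, cap);
    (streaming.pulled, naive.pulled)
}
```

Against a 1 MB body with a 64 KiB cap the streaming version stops after 65,537 bytes and rejects, while the read-then-check version pulls the full 1,000,000 bytes before rejecting. For JSON sources the same bound goes in front of the parser: hand the deserializer the capped buffer, never the raw response, and size the cap per source as the 0.3.2 notes describe.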

v0.3.0

15 May 07:59
@santhsecurity santhsecurity


Release v0.3.0. See CHANGELOG.md for details. cargo install gossan@0.3.0
