This is a release of my forked project, from branch fork. See below for full changelog, listing all commits since previous fork release. The primary asset of the release is a direct download link for a ready-to-use build of the application's single executable, as well as an alternative .zip archive containing the same executable. It is built with Go version 1.25.0.
About this fork
This release is from my fork of jstarks/npiperelay, adding some smaller improvements on top of upstream release v0.1.0. The changes are conservative; primary concern is to keep the code updated and secure, considering upstream has not been updated since this first release back in mid 2020. See previous release notes for fork releases starting with v1.0.0 to learn about all changes.
Checksums
GitHub automatically computes SHA-256 checksums for all release assets, which you can see to the right of the asset names in the "Assets" section below. These are generated at upload time and are immutable. The build system also computes SHA-256 checksums of built executables, and these are published as text file asset npiperelay_checksums.txt. Note that the .zip asset for the amd64 (x64/64-bit) and 386 (x86/32-bit) architectures both contain a single executable with name npiperelay.exe, and it is identical to the .exe asset with same name as the .zip asset, i.e. npiperelay_windows_386.exe and npiperelay_windows_amd64.exe, and should therefore have the same checksum.
These are the SHA-256 checksums of all binary release assets, as published in npiperelay_checksums.txt:
5a47940178d927afd06031ff2b93a48ee9216cdda504fe3b58660a7c161ac056 npiperelay_windows_386.exe
6e8755a361b8f643e083644291cd362ea267f2ae9eafe2af0a6283d584965df0 npiperelay_windows_386.zip
3d12330e5d15e9c049fcda725a6817813f93234c2ed2f570ee83718db84bf122 npiperelay_windows_amd64.exe
f30dd745b45433c7ac890307837d9af9a0a9b754e40035e57e0f3853a52e417e npiperelay_windows_amd64.zip
Antivirus
If your local antivirus treats the downloaded archive or executable as suspicious or malicious, you should try to report it as a false positive, e.g. to Symantec on symsubmit.symantec.com (select "Clean software incorrectly detected"). At the time of the release, no security vendors on VirusTotal flagged the asset download urls as malicious, but some very few (well below 10%) did flag the zip archive and executable files themselves (see report for each of the assets in expandable section below). The implementation is less than 300 lines of go code, plus a single, commonly used, third party dependency. The source code is automatically run through vulnerability analysis, using Go's govulncheck and GitHub's CodeQL, and a long list of code quality checks (linters), using golangci-lint (see .golangci.yml for the complete list). If you do worry, you are free to analyse the code yourself, and you can also build the executable locally from source.
Changelog
Commits since previous fork release:
- 9c32472 Build with Go version 1.25 while still supporting 1.24
- e9a65cf Bump golangci/golangci-lint-action from 6 to 8
- 62c3e6a Migrate golangci-lint configuration from v1 to v2
- ece997c Add note about GitHub generated asset checksums
- 490352e Bump actions/checkout from 4 to 5
- dd2ec5d Bump golang.org/x/sys from 0.34.0 to 0.35.0
(Application executable in release assets built with Go version 1.25.0).