Security

• CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal
• CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload

CLI changes

• Make the default background color more suitable for bright backgrounds. @mjarosie @taoky @nicowilliams @itchyny #2904
• Allow passing the inline jq script after --. @emanuele6 #2919
• Restrict systems operations on OpenBSD and remove unused mkstemp. @klemensn #2934
• Fix possible uninitialised value dereference if jq_init() fails. @emanuele6 @nicowilliams #2935

Language changes

• Simplify paths/0 and paths/1. @asheiduk @emanuele6 #2946
• Reject U+001F in string literals. @torsten-schenk @itchyny @wader #2911
• Remove unused nref accumulator in block_bind_library. @emanuele6 #2914
• Remove a bunch of unused variables, and useless assignments. @emanuele6 #2914
• main.c: Remove unused EXIT_STATUS_EXACT option. @emanuele6 #2915
• Actually use the number correctly casted from double to int as index. @emanuele6 #2916
• src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2. @emanuele6 #2937
• Remove undefined behavior caught by LLVM 10 UBSAN. @Gaelan @emanuele6 #2926
• Convert decnum to binary64 (double) instead of decimal64. This makes jq behave like the JSON specification suggests and more similar to other languages. @wader @leonid-s-usov #2949
• Fix memory leaks on invalid input for ltrimstr/1 and rtrimstr/1. @emanuele6 #2977
• Fix memory leak on failed get for setpath/2. @emanuele6 #2970
• Fix nan from json parsing also for nans with payload that start with 'n'. @emanuele6 #2985
• Allow carriage return characters in comments. @emanuele6 #2942 #2984

Documentation changes

• Generate links in the man page. @emanuele6 #2931
• Standardize arch types to AMD64 & ARM64 from index page download dropdown. @owenthereal #2884

libjq

• Add extern C for C++. @rockwotj #2953

Build and test changes

• Fix incorrect syntax for checksum file. @kamontat @wader #2899
• Remove -dirty version suffix for windows release build. @itchyny #2888
• Make use of od in tests more compatible. @nabijaczleweli @emanuele6 @nicowilliams #2922
• Add dependabot. @yeikel #2889
• Extend fuzzing setup to fuzz parser and and JSON serializer. @DavidKorczynski @emanuele6 #2952
• Keep releasing executables with legacy names. @itchyny #2951

New Contributors

• @yeikel made their first contribution in https://github.com/jqlang/jq/pull/2889
• @dependabot made their first contribution in https://github.com/jqlang/jq/pull/2894
• @kamontat made their first contribution in https://github.com/jqlang/jq/pull/2899
• @taoky made their first contribution in https://github.com/jqlang/jq/pull/2904
• @tboz203 made their first contribution in https://github.com/jqlang/jq/pull/2920
• @nabijaczleweli made their first contribution in https://github.com/jqlang/jq/pull/2922
• @klemensn made their first contribution in https://github.com/jqlang/jq/pull/2934
• @asheiduk made their first contribution in https://github.com/jqlang/jq/pull/2946
• @rockwotj made their first contribution in https://github.com/jqlang/jq/pull/2953
• @jesperronn made their first contribution in https://github.com/jqlang/jq/pull/2898

Full Changelog: https://github.com/jqlang/jq/compare/jq-1.7...jq-1.7.1