v0.2.1

Security hardening.

• Local list() skips symlinks and treats prefix as a path-segment boundary (CWE-200/CWE-22)
• Azure SAS URLs URL-encode the object key (CWE-150)
• Secret config fields excluded from dataclass repr (CWE-532)
• put() accepts an optional max_size across all backends (CWE-770)
• Content-type guard helpers for stored-XSS defense (CWE-79)
• S3 signed DELETE URLs require explicit allow_delete=True (CWE-285)
• LocalStorage warns when no signing secret or base URL is set

v0.2.0 — security hardening

Full OWASP review fixes. See CHANGELOG.md for details.

v0.1.0

Initial release.

One Storage protocol, four backends: local filesystem, AWS S3 / S3-compatible (extras [s3]), GCS ([gcs]), Azure Blob ([azure]). Streaming uploads/downloads. Pre-signed URLs. Depends(get_storage).