thegraydot · thomaslaurenson · Apr 28, 2026 · Apr 12, 2026 · Apr 27, 2026 · Apr 27, 2026
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
@@ -46,21 +46,18 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Create prerelease
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: dev
-          name: Dev (Pre-release)
-          prerelease: true
-          files: |
-            mpqcli-linux-amd64-glibc
-            mpqcli-linux-amd64-musl
-            mpqcli-linux-arm64-glibc
-            mpqcli-linux-arm64-musl
+        run: |
+          gh release create dev \
+            --title "Dev (Pre-release)" \
+            --prerelease \
+            --notes "**Commit:** ${{ github.sha }}" \
+            mpqcli-linux-amd64-glibc \
+            mpqcli-linux-amd64-musl \
+            mpqcli-linux-arm64-glibc \
+            mpqcli-linux-arm64-musl \
             mpqcli-windows-amd64.exe
-          body: |
-            **Commit:** ${{ github.sha }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   prerelease_docker:
     needs: prerelease_binaries

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -48,17 +48,17 @@ jobs:
           echo "EOF" >> $GITHUB_OUTPUT
 
       - name: Release package
-        uses: softprops/action-gh-release@v2
-        with:
-          files: |
-            mpqcli-linux-amd64-glibc
-            mpqcli-linux-amd64-musl
-            mpqcli-linux-arm64-glibc
-            mpqcli-linux-arm64-musl
+        run: |
+          gh release create ${{ github.ref_name }} \
+            --title "${{ github.ref_name }}" \
+            --notes "${{ steps.changelog.outputs.content }}" \
+            mpqcli-linux-amd64-glibc \
+            mpqcli-linux-amd64-musl \
+            mpqcli-linux-arm64-glibc \
+            mpqcli-linux-arm64-musl \
             mpqcli-windows-amd64.exe
-          body: ${{ steps.changelog.outputs.content }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   release_docker:
     needs: release_binaries

diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -12,12 +12,16 @@ permissions:
 jobs:
   build:
     uses: ./.github/workflows/build.yml
+  lint:
+    uses: ./.github/workflows/lint.yml
+    needs: build
   test:
     uses: ./.github/workflows/test.yml
     needs: build
   release:
     uses: ./.github/workflows/release.yml
-    needs: 
+    needs:
       - build
+      - lint
       - test
     secrets: inherit
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Changelog
 
+## 0.9.10 - 2026-04-27
+
+### Fixed
+
+- Extract command now reports an error when the output directory cannot be created
+- Path traversal guard in extract uses fully resolved paths, closing a potential bypass
+- Crash when reading strong signatures from malformed or truncated archives
+
+### Updated
+
+- Docker glibc image updated to ubuntu:24.04
+
 ## 0.9.9 - 2026-04-05
 
 ### Fixed

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.10)
 
-project(MPQCLI VERSION 0.9.9)
+project(MPQCLI VERSION 0.9.10)
 
 # Options
 option(BUILD_MPQCLI "Build the mpqcli CLI app" ON)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -112,6 +112,19 @@ if (flags & MPQ_FILE_COMPRESS)  result += 'c';
 // clang-format on
 ```
 
+## Known Design Constraints
+
+### StormLib locale state is global and not thread-safe
+
+`SFileSetLocale` sets a process-wide locale variable (`g_lcFileLocale`) inside StormLib. All locale-sensitive operations in `mpq.cpp` — file open, add, remove, read, extract, and list — call `SFileSetLocale` immediately before the relevant StormLib call. There is no locale-explicit alternative in StormLib's public API (`SFileOpenFileEx`, `SFileAddFileEx`, etc. all read `g_lcFileLocale` internally).
+
+This means:
+
+- The `SFileSetLocale` + StormLib-call sequence is **not atomic** and would be unsafe under concurrency
+- mpqcli is intentionally **single-threaded**; do not introduce threads or async I/O without auditing every locale-sensitive call site in `mpq.cpp`
+
+If you add a new StormLib call that is locale-sensitive, follow the existing pattern: call `SFileSetLocale` immediately before it, with no intervening calls between the two.
+
 ## Workflow Summary
 
 1. Fork the repository and create a branch for your change

diff --git a/Dockerfile.glibc b/Dockerfile.glibc
@@ -1,5 +1,5 @@
 # Stage 1: Build and Test
-FROM ubuntu:22.04 AS builder
+FROM ubuntu:24.04 AS builder
 
 RUN apt-get update && apt-get install -y \
     build-essential \
@@ -21,11 +21,7 @@ RUN cmake --build build
 RUN strip build/bin/mpqcli
 
 # Stage 2: Create a minimal runtime image
-FROM ubuntu:22.04 AS runtime
-
-RUN apt-get update && apt-get install -y \
-    libstdc++6 \
-    && rm -rf /var/lib/apt/lists/*
+FROM ubuntu:24.04 AS runtime
 
 COPY --from=builder /mpqcli/build/bin/mpqcli /usr/local/bin/mpqcli
 

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -13,6 +13,7 @@ endif()
 # Create the main executable
 add_executable(mpqcli
     main.cpp
+    commands.cpp
     mpq.cpp
     helpers.cpp
     locales.cpp