Update NEWS.md and AUTHORS for 1.8.2

AUTHORS

@@ -15,6 +15,7 @@ pkoppstein           <pkoppstein@gmail.com>
 
 Contributions by:
 13ren                <melbourne.research@gmail.com>
+A4-Tacks             <wdsjxhno1001@163.com>
 AJ Jordan            <alex@strugee.net>
 Aaron Peschel        <apeschel@zendesk.com>
 Adam Lindberg        <hello@alind.io>
@@ -26,6 +27,7 @@ Alex Ozdemir         <aozdemir@hmc.edu>
 Alex Wilson          <gpg@probablyfine.co.uk>
 Alexandre Jasmin     <ajasmin@transtex-llc.com>
 Allan Clark          <allanc@chickenandporn.com>
+Alyssa Ross          <hi@alyssa.is>
 Andreas Heiduk       <asheiduk@users.noreply.github.com>
 Andrew O'Brien       <obrien.andrew@gmail.com>
 Andrew Rodland       <andrew@cleverdomain.org>
@@ -66,6 +68,7 @@ David Korczynski     <david@adalogics.com>
 David R. MacIver     <david@drmaciver.com>
 DavidKorczynski      <david@adalogics.com>
 Dawid Ferenczy Rogožan <ferenczy@users.noreply.github.com>
+Dennis Ameling       <dennis@dennisameling.com>
 Derrick Pallas       <derrick@pallas.us>
 Doug Luce            <doug@github.con.com>
 Eiichi Sato          <sato.eiichi@gmail.com>
@@ -76,6 +79,7 @@ Erik Brinkman        <erik.brinkman@gmail.com>
 Eugen                <EugenGez@gmail.com>
 Evan Zacks           <zackse@gmail.com>
 Fabian Dellwing      <fabian.dellwing@mbconnectline.de>
+Fabian Fleischer     <50590395+fab1ano@users.noreply.github.com>
 Felix Wolfsteller    <felix.wolfsteller@gmail.com>
 Filippo Giunchedi    <fgiunchedi@gmail.com>
 Filippo Valsorda     <filippo.valsorda@gmail.com>
@@ -96,6 +100,7 @@ Helmut K. C. Tessarek <tessarek@evermeet.cx>
 Henré Botha          <henrebotha@gmail.com>
 Ian Miell            <ian.miell@gmail.com>
 Ikko Ashimine        <eltociear@gmail.com>
+Ish Nagy             <50555716+ishnagy@users.noreply.github.com>
 J Phani Mahesh       <github@phanimahesh.me>
 J. B. Rainsberger    <me@jbrains.ca>
 Jack Pearkes         <jackpearkes@gmail.com>
@@ -104,6 +109,7 @@ Jakub Wilk           <jwilk@jwilk.net>
 James Andariese      <james.andariese@locationlabs.com>
 James Pearson Hughes <xiong.chiamiov@gmail.com>
 Jan Schulz           <jasc@gmx.net>
+Jan-Piet Mens        <jp@mens.de>
 Janne Cederberg      <janne.cederberg@gmail.com>
 Jason Hood           <jadoxa@yahoo.com.au>
 Jay Satiro           <raysatiro@yahoo.com>
@@ -115,8 +121,10 @@ Joel Purra           <code+github@joelpurra.com>
 Jonathan Chan Kwan Yin <sofe2038@gmail.com>
 Jonathan Word        <argoday@argoday.com>
 Josh Soref           <2119212+jsoref@users.noreply.github.com>
+José Joaquín Atria   <jjatria@gmail.com>
 Juan Guerrero        <juan.guerrero.lozano@gmail.com>
 Kamontat Chantrachirathumrong <14089557+kamontat@users.noreply.github.com>
+Kartik Shah          <krtk.6160@gmail.com>
 Kenny Shen           <kenny.shen@zalora.com>
 Kim De Mey           <kim.demey@gmail.com>
 Kim Toms             <kim.toms@bplglobal.net>
@@ -142,6 +150,7 @@ Matti Åstrand        <mattiastr@gmail.com>
 Mattias Hansson      <hansson.mattias@gmail.com>
 Maxime Biais         <maxime.biais@gmail.com>
 Maximilian Roos      <5635139+max-sixty@users.noreply.github.com>
+McSinyx              <cnx@loang.net>
 Michael Daines       <michael@mdaines.com>
 Michael Färber       <01mf02@gmail.com>
 Mike Daines          <mdaines@users.noreply.github.com>
@@ -153,6 +162,7 @@ Nicolas Pouillard    <nicolas.pouillard@gmail.com>
 Nicole Wren          <nicole@wren.systems>
 Paul Chvostek        <paul+gitkraken@it.ca>
 Paul Wise            <pabs3@bonedaddy.net>
+Peter Kjellerstedt   <peter.kjellerstedt@gmail.com>
 Peter van Dijk       <peter@7bits.nl>
 Philipp Hagemeister  <phihag@phihag.de>
 Ricardo Constantino  <wiiaboo@gmail.com>
@@ -161,6 +171,7 @@ Richard H Lee        <richard@webdezign.co.uk>
 Riley Avron          <riley.avron@gmail.com>
 Rob Wills            <rob.wills@gmail.com>
 Robert Aboukhalil    <robert.aboukhalil@gmail.com>
+Rohan Santhosh Kumar <181558744+Rohan5commit@users.noreply.github.com>
 Roland C. Dowdeswell <roland.dowdeswell@twosigma.com>
 Roman Inflianskas    <rominf@users.noreply.github.com>
 Romero Malaquias     <romero.malaquias@gmail.com>
@@ -169,6 +180,7 @@ Rémy Léone           <remy.leone@gmail.com>
 SArpnt               <sarpnt@ficial.net>
 Samar Sunkaria       <sameesunkaria@me.com>
 Santiago Lapresta    <santiago.lapresta@gmail.com>
+Scott Seal           <seal.scottm@gmail.com>
 Sean Wei             <me@sean.taipei>
 Sebastian Freundt    <freundt@ga-group.nl>
 Shaun Guth           <sguth@practicefusion.com>
@@ -181,6 +193,7 @@ Stephen Shaw         <stesh@netsoc.tcd.ie>
 Steven Ihde          <sihde@hamachi.us>
 Steven Maude         <StevenMaude@users.noreply.github.com>
 Steven Penny         <svnpenn@gmail.com>
+Sudhakar Verma       <10460978+sudhackar@users.noreply.github.com>
 Thalia Archibald     <thalia@archibald.dev>
 TheOdd               <owenhines@protonmail.com>
 Thomas Bozeman th026106 <thomas.bozeman@digitalglobe.com>
@@ -193,13 +206,16 @@ Tomas Halman         <thalman@redhat.com>
 Travis Gockel        <travis@gockelhut.com>
 Tyler Rockwood       <rockwotj@users.noreply.github.com>
 Ulrich Eckhardt      <ulrich.eckhardt@base-42.de>
+Vladimír Marek       <vlmarek13@gmail.com>
 W-Mark Kubacki       <wmark@hurrikane.de>
 William Chargin      <wchargin@gmail.com>
 Yasuhiro Matsumoto   <mattn.jp@gmail.com>
 Yeikel               <email@yeikel.com>
 Yoichi Nakayama      <yoichi.nakayama@gmail.com>
+Ze Sheng             <108382772+OwenSanzas@users.noreply.github.com>
 Zhaohui Mei          <mzh.whut@gmail.com>
 Zhiming Wang         <zmwangx@gmail.com>
+bigmoonbit           <bigmoonbit@outlook.com>
 calpeconsulting      <61429736+calpeconsulting@users.noreply.github.com>
 cdnbacon             <mike@busbud.com>
 dak180               <dak180@users.sf.net>
@@ -226,6 +242,7 @@ sachint              <32639496+sachintu47@users.noreply.github.com>
 sheepster            <omer531998@gmail.com>
 tal@whatexit.org     <tal@whatexit.org>
 taoky                <taoky99@outlook.com>
+tlsbollei            <170938166+tlsbollei@users.noreply.github.com>
 trantor              <trantorvega@gmail.com>
 wellweek             <148746285+wellweek@users.noreply.github.com>
 wllm-rbnt            <william.robinet@conostix.com>

NEWS.md

@@ -1,3 +1,82 @@
+# 1.8.2
+
+This is a patch release to fix security issues and various bugs found in 1.8.1, and add builds for Windows arm64 and Docker arm/v7.
+Full commit log can be found at <https://github.com/jqlang/jq/compare/jq-1.8.1...jq-1.8.2>.
+
+## Security fixes
+
+- CVE-2026-32316: Fix heap buffer overflow in `jvp_string_append` and `jvp_string_copy_replace_bad`.
+  @itchyny e47e56d226519635768e6aab2f38f0ab037c09e5
+- CVE-2026-33947: Limit path depth to prevent stack overflow in `jv_setpath`, `jv_getpath`, `jv_delpaths`.
+  @itchyny fb59f1491058d58bdc3e8dd28f1773d1ac690a1f
+- CVE-2026-40612: Limit containment check depth to prevent stack overflow in `contains`.
+  @itchyny d1a12569d91641135976a8536776a4a329c02cc2
+- CVE-2026-40164: Randomize hash seed to mitigate hash collision DoS attacks.
+  @AsafMeizner @itchyny 0c7d133c3c7e37c00b6d46b658a02244fdd3c784
+- CVE-2026-39979: Fix out-of-bounds read in `jv_parse_sized()`.
+  @wader 2f09060afab23fe9390cce7cb860b10416e1bf5f
+- CVE-2026-41257: Fix signed-int overflow in `stack_reallocate`.
+  @itchyny 01b3cded76daacbfddb7f8763700b0803bcb5c6f
+- CVE-2026-33948: Fix NUL truncation in the JSON parser.
+  @itchyny 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b
+- CVE-2026-41256: Fix NUL truncation in program files loaded with `-f`.
+  @itchyny 5a015deae35d19e3ebbc65db6c157a80e76df738
+- CVE-2026-39956: Fix `_strindices` missing runtime type checks.
+  @tlsbollei fdf8ef0f0810e3d365cdd5160de43db46f57ed03
+- GHSA-gf4g-95wj-4q4r: Fix use-after-free in `args2obj()` array argument path. @sseal #3498
+- Limit number of function parameters and definitions to prevent SEGV. @OwenSanzas #3460
+- Pre-allocate `tokenbuf` for string parser to avoid undefined behavior. @fab1ano #3485
+- Fix memory leaks and double frees. @itchyny #3487
+
+## Releasing
+
+- Add builds for Windows arm64. @dennisameling #3376
+- Support arm/v7 architecture in Docker images. @itchyny #3463
+- Update GPG signing key. @itchyny 0ff997f
+
+## CLI changes
+
+- Improve error message truncation with closing delimiters. @itchyny #3478
+- Remove extra space from `die` function output. @krtk6160 #3391
+- Fix raw input flag not to corrupt multi-byte characters. @itchyny #3421
+- Fix crash when importing a module with errors twice. @itchyny #3497
+- Increase the maximum printing depth from 256 to 10000. @ishnagy #3414
+
+## Changes to existing functions
+
+- Fix `rtrimstr("")` always outputting `""`. @A4-Tacks #3415
+- Fix infinite loop and undefined behavior in `del(.[nan])`. @itchyny #3490
+- Refactor `@uri` and `@urid` to fix multi-byte UTF-8 corruption. @itchyny #3495
+- Fix `tonumber` and `toboolean` to reject strings with embedded null bytes. @itchyny #3496
+- Fix undefined behavior in modulo operator. @fab1ano #3486
+- Fix reversed pointer subtraction in `f_env` bounds check. @itchyny #3465
+- Fix missing validity check in `f_strflocaltime` after `f_localtime`. @itchyny #3491
+- Fix year 2038 problem on 32-bit platforms. @itchyny #3407
+- Use `//` instead of `//=` in `from_entries` definition. @itchyny #3516
+
+## Build and test changes
+
+- Drop `strptime` test using non-portable `%F`. @alyssais #3365
+- Limit oniguruma depth to 1024 in `jq_fuzz_execute`. @sudhackar #3377
+- Fix localization test for time formatting functions. @itchyny #3409
+- Fix expected value assertion. @itchyny #3431 #3408
+- Fix typo in tests/jq.test. @bigmoonbit #3441
+- Refactor `tm2jv` to handle fractional seconds. @itchyny #3489
+- Fix `jq_fuzz_parse_stream`: use iterative parser API for streaming mode. @OwenSanzas #3499
+- Fix crashes and resource leaks in `jq_testsuite`. @itchyny #3509
+- Support building with `--disable-maintainer-mode` and source != build dir. @Saur2000 #3518
+- Add Solaris support. @vlmarek #3515
+- Respect `SOURCE_DATE_EPOCH` while generating man page. @McSinyx #3514
+- Fix CI to add `artifact-metadata` permission for actions/attest. @itchyny ##3530
+
+## Documentation changes
+
+- Add wiki link to navigation bar. @wader #3424
+- Add missing word in manual for rawfile. @jpmens #3434
+- Fix typo `stder` -> `stderr`. @jjatria #3446
+- Fix buttons in tutorial to toggle labels when clicked on. @itchyny #3493
+- Fix `happened` spelling in tutorial changelog entries. @Rohan5commit #3525
+
 # 1.8.1
 
 This is a patch release to fix security, performance, and build issues found in 1.8.0.