diff --git a/Changes b/Changes
index 3f0a5f0..0269c4f 100644
--- a/Changes
+++ b/Changes
@@ -1,3 +1,4 @@
+0.08
   - add TO_JSON method
   - substitute offset numbers by constants
   - fix typos in pod documentation
diff --git a/README.pod b/README.pod
index 6300f3a..4945cd9 100644
--- a/README.pod
+++ b/README.pod
@@ -26,7 +26,7 @@ GDPR::IAB::TCFv2 - Transparency & Consent String version 2 parser
 
 =head1 VERSION
 
-Version 0.07
+Version 0.08
 
 =head1 SYNOPSIS
 
diff --git a/lib/GDPR/IAB/TCFv2.pm b/lib/GDPR/IAB/TCFv2.pm
index 0b11067..bea4534 100644
--- a/lib/GDPR/IAB/TCFv2.pm
+++ b/lib/GDPR/IAB/TCFv2.pm
@@ -21,7 +21,7 @@ use GDPR::IAB::TCFv2::BitUtils qw<is_set
 use GDPR::IAB::TCFv2::PublisherRestrictions;
 use GDPR::IAB::TCFv2::RangeSection;
 
-our $VERSION = "0.07";
+our $VERSION = "0.08";
 
 use constant {
     CONSENT_STRING_TCF2_SEPARATOR => '.',
@@ -591,7 +591,7 @@ GDPR::IAB::TCFv2 - Transparency & Consent String version 2 parser
 
 =head1 VERSION
 
-Version 0.07
+Version 0.08
 
 =head1 SYNOPSIS
 
diff --git a/t/01-parse.t b/t/01-parse.t
index 74407db..8c2ba0c 100644
--- a/t/01-parse.t
+++ b/t/01-parse.t
@@ -417,6 +417,20 @@ subtest "invalid tcf consent string candidates" => sub {
     qr/invalid base64 format/,
       'string is not a base64 url encoded string';
 
+    throws_ok {
+        GDPR::IAB::TCFv2->Parse('COvcSpYOvcSpYC9AAAENAPCAAAAAAAAAAAAAAFAAAAA')
+    }
+    qr/index our of bounds on offset 256/,
+      'this test uses a crafted consent uses bit field, declares 10 vendors and legitimate interest without required content';
+
+    throws_ok {
+        GDPR::IAB::TCFv2->Parse(
+            'COvcSpYOvcSpYC9AAAENAPCAAAAAAAAAAAAAAFQBgAAgABAACAAEAAQAAgAA')
+    }
+    qr/index our of bounds on offset 360/,
+      'this test uses a crafted consent uses range section, declares 10 vendors, 6 exceptions and legitimate interest without require';
+
+
     done_testing;
 };