This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-http

Dependencies

(37 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 actix-codec^0.4.00.4.0up to date
 actix-rt^2.22.2.0up to date
 actix-service^2.0.02.0.0up to date
 actix-tls^3.0.0-beta.52.0.0up to date
 actix-utils^3.0.03.0.0up to date
 ahash^0.70.7.4up to date
 base64^0.130.13.0up to date
 bitflags^1.21.3.2up to date
 brotli2^0.3.20.3.2up to date
 bytes^11.1.0up to date
 bytestring^11.0.0up to date
 derive_more^0.99.50.99.16up to date
 encoding_rs^0.80.8.28up to date
 flate2^1.0.131.0.22up to date
 futures-core^0.3.70.3.17up to date
 futures-util^0.3.70.3.17up to date
 h2^0.3.10.3.4up to date
 http^0.2.20.2.4up to date
 httparse^1.5.11.5.1up to date
 itoa^0.40.4.8up to date
 language-tags^0.30.3.2up to date
 local-channel^0.10.1.2up to date
 log^0.40.4.14up to date
 mime^0.30.3.16up to date
 once_cell^1.51.8.0up to date
 percent-encoding^2.12.1.0up to date
 pin-project^1.0.01.0.8up to date
 pin-project-lite^0.20.2.7up to date
 rand^0.80.8.4up to date
 regex^1.31.5.4up to date
 serde^1.01.0.130up to date
 sha-1^0.90.9.8up to date
 smallvec^1.6.11.6.1up to date
 time^0.2.230.3.2out of date
 tokio ⚠️^1.21.11.0maybe insecure
 trust-dns-resolver^0.20.00.20.3up to date
 zstd^0.70.9.0+zstd.1.5.0out of date

Security Vulnerabilities

tokio: Task dropped in wrong thread when aborting `LocalSet` task

RUSTSEC-2021-0072

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.