Deps.rs

actix-redis 0.10.0-beta.4

[![dependency status](https://deps.rs/crate/actix-redis/0.10.0-beta.4/status.svg)](https://deps.rs/crate/actix-redis/0.10.0-beta.4)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate actix-redis

Dependencies

(18 total, 7 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 actix^0.12.00.13.3out of date
 actix-rt^2.12.9.0up to date
 actix-service^2.0.02.0.2up to date
 actix-session^0.5.0-beta.50.9.0out of date
 actix-tls^3.0.0-rc.23.4.0up to date
 actix-web^4.0.0-beta.144.6.0up to date
 backoff^0.2.10.4.0out of date
 derive_more^0.99.20.99.17up to date
 futures-core^0.3.70.3.30up to date
 log^0.4.60.4.21up to date
 rand^0.8.00.8.5up to date
 redis-async^0.80.17.2out of date
 redis^0.19.00.25.3out of date
 serde^1.0.1011.0.202up to date
 serde_json^1.0.401.0.117up to date
 time^0.2.230.3.36out of date
 tokio ⚠️^11.37.0maybe insecure
 tokio-util^0.6.10.7.11out of date

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);