Deps.rs

aws-smithy-client 0.56.1

[![dependency status](https://deps.rs/crate/aws-smithy-client/0.56.1/status.svg)](https://deps.rs/crate/aws-smithy-client/0.56.1)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate aws-smithy-client

Dependencies

(20 total, 12 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 aws-smithy-async^0.56.11.2.5out of date
 aws-smithy-http^0.56.10.62.1out of date
 aws-smithy-http-tower^0.56.10.60.3out of date
 aws-smithy-protocol-test^0.56.10.63.4out of date
 aws-smithy-types^0.56.11.3.2out of date
 bytes^11.10.1up to date
 fastrand^2.0.02.3.0up to date
 http^0.2.31.3.1out of date
 http-body^0.4.41.0.1out of date
 hyper^0.14.261.6.0out of date
 hyper-rustls^0.240.27.7out of date
 hyper-tls^0.5.00.6.0out of date
 lazy_static^11.5.0up to date
 pin-project-lite^0.2.70.2.16up to date
 rustls ⚠️^0.21.10.23.29out of date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 tokio ⚠️^1.13.11.46.1maybe insecure
 tower^0.4.60.5.2out of date
 tracing^0.10.1.41up to date

Dev dependencies

(8 total, 2 outdated)

CrateRequiredLatestStatus
 aws-smithy-async^0.56.11.2.5out of date
 hyper-tls^0.5.00.6.0out of date
 serde^11.0.219up to date
 serde_json^11.0.140up to date
 tokio^1.23.11.46.1up to date
 tower-test^0.4.00.4.0up to date
 tracing-subscriber^0.3.160.3.19up to date
 tracing-test^0.2.40.2.5up to date

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.