This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate console-subscriber

Dependencies

(17 total, 4 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 console-api^0.4.00.8.1out of date
 crossbeam-channel^0.50.5.15up to date
 crossbeam-utils^0.8.70.8.21up to date
 futures^0.30.3.31up to date
 hdrhistogram^7.3.07.5.4up to date
 humantime^2.1.02.3.0up to date
 parking_lot^0.110.12.5out of date
 prost-types^0.11.00.14.1out of date
 serde^11.0.228up to date
 serde_json^11.0.145up to date
 thread_local ⚠️^1.1.31.1.9maybe insecure
 tokio ⚠️^1.151.48.0maybe insecure
 tokio-stream^0.10.1.17up to date
 tonic^0.80.14.2out of date
 tracing^0.1.260.1.41up to date
 tracing-core^0.1.240.1.34up to date
 tracing-subscriber^0.3.110.3.20up to date

Dev dependencies

(2 total, 1 possibly insecure)

CrateRequiredLatestStatus
 futures^0.30.3.31up to date
 tokio ⚠️^1.211.48.0maybe insecure

Security Vulnerabilities

thread_local: Data race in `Iter` and `IterMut`

RUSTSEC-2022-0006

In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values.

Crates using Iter::next, or IterMut::next are affected by this issue.

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);