libunftp 0.19.1

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `libunftp`

Dependencies

(26 total, 10 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
async-trait	`^0.1.75`	`0.1.88`	up to date
bitflags	`^2.4.1`	`2.9.1`	up to date
bytes	`^1.5.0`	`1.10.1`	up to date
chrono	`^0.4.31`	`0.4.41`	up to date
dashmap	`^5.5.3`	`6.1.0`	out of date
derive_more	`^0.99.17`	`2.0.1`	out of date
futures-util	`^0.3.29`	`0.3.31`	up to date
getrandom	`^0.2.11`	`0.3.3`	out of date
lazy_static	`^1.4.0`	`1.5.0`	up to date
libc	`^0.2`	`0.2.174`	up to date
md-5	`^0.10.6`	`0.10.6`	up to date
moka	`^0.11.3`	`0.12.10`	out of date
prometheus	`^0.13.3`	`0.14.0`	out of date
proxy-protocol	`^0.5.0`	`0.5.0`	up to date
rustls ⚠️	`^0.21.10`	`0.23.28`	out of date
rustls-pemfile	`^1.0.4`	`2.2.0`	out of date
slog	`^2.7.0`	`2.7.0`	up to date
slog-stdlog	`^4.1.1`	`4.1.1`	up to date
thiserror	`^1.0.51`	`2.0.12`	out of date
tokio	`^1.35.1`	`1.46.0`	up to date
tokio-rustls	`^0.24.1`	`0.26.2`	out of date
tokio-util	`^0.7.10`	`0.7.15`	up to date
tracing	`^0.1.40`	`0.1.41`	up to date
tracing-attributes	`^0.1.27`	`0.1.30`	up to date
uuid	`^1.6.1`	`1.17.0`	up to date
x509-parser	`^0.14.0`	`0.17.0`	out of date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
pretty_assertions	`^1.4.0`	`1.4.1`	up to date
tokio	`^1.35.1`	`1.46.0`	up to date

Security Vulnerabilities

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.