This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate quinn-proto

Dependencies

(11 total, 5 outdated, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| arbitrary | ^1.0.1 | 1.4.1 | up to date |
| bytes | ^1 | 1.9.0 | up to date |
| rand | ^0.8 | 0.8.5 | up to date |
| ring | ^0.16.7 | 0.17.8 | out of date |
| rustc-hash | ^1.1 | 2.1.0 | out of date |
| rustls ⚠️ | ^0.21.0 | 0.23.20 | out of date |
| rustls-native-certs | ^0.6 | 0.8.1 | out of date |
| slab | ^0.4 | 0.4.9 | up to date |
| thiserror | ^1.0.21 | 2.0.6 | out of date |
| tinyvec | ^1.1 | 1.8.0 | up to date |
| tracing | ^0.1.10 | 0.1.41 | up to date |

Dev dependencies

(5 total, 1 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| assert_matches | ^1.1 | 1.5.0 | up to date |
| hex-literal | ^0.4.0 | 0.4.1 | up to date |
| lazy_static | ^1 | 1.5.0 | up to date |
| rcgen | ^0.10.0 | 0.13.1 | out of date |
| tracing-subscriber | ^0.3.0 | 0.3.19 | up to date |

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a `close_notify` alert is received during a handshake, `complete_io` does not terminate.

Callers which do not call `complete_io` are not affected.

`rustls-tokio` and `rustls-ffi` do not call `complete_io` and are not affected.

`rustls::Stream` and `rustls::StreamOwned` types use `complete_io` and are affected.