This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate quinn-proto

Dependencies

(11 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 arbitrary^1.0.11.3.2up to date
 bytes^11.6.1up to date
 rand^0.80.8.5up to date
 ring^0.16.70.17.8out of date
 rustc-hash^1.12.0.0out of date
 rustls ⚠️^0.21.00.23.12out of date
 rustls-native-certs^0.60.7.1out of date
 slab^0.40.4.9up to date
 thiserror^1.0.211.0.63up to date
 tinyvec^1.11.8.0up to date
 tracing^0.1.100.1.40up to date

Dev dependencies

(5 total, 1 outdated)

CrateRequiredLatestStatus
 assert_matches^1.11.5.0up to date
 hex-literal^0.4.00.4.1up to date
 lazy_static^11.5.0up to date
 rcgen^0.10.00.13.1out of date
 tracing-subscriber^0.3.00.3.18up to date

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.