This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rustls

Dependencies

(12 total, 1 possibly insecure)

CrateRequiredLatestStatus
 aws-lc-rs^1.91.12.0up to date
 brotli^77.0.0up to date
 brotli-decompressor^4.0.14.0.1up to date
 hashbrown ⚠️^0.150.15.2maybe insecure
 log^0.4.80.4.22up to date
 once_cell^1.161.20.2up to date
 rustls-pki-types^1.101.10.1up to date
 ring^0.170.17.8up to date
 subtle^2.5.02.6.1up to date
 rustls-webpki^0.102.80.102.8up to date
 zeroize^1.71.8.1up to date
 zlib-rs^0.40.4.1up to date

Dev dependencies

(11 total, 1 outdated)

CrateRequiredLatestStatus
 base64^0.220.22.1up to date
 bencher^0.1.50.1.5up to date
 env_logger^0.100.11.6out of date
 hex^0.40.4.3up to date
 log^0.4.80.4.22up to date
 num-bigint^0.4.40.4.6up to date
 rcgen^0.130.13.2up to date
 serde^11.0.216up to date
 serde_json^11.0.134up to date
 time^0.3.60.3.37up to date
 webpki-roots^0.260.26.7up to date

Security Vulnerabilities

hashbrown: Borsh serialization of HashMap is non-canonical

RUSTSEC-2024-0402

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding.

This can result in consensus splits and cause equivalent objects to be considered distinct.

This was patched in 0.15.1.