This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate slog-term

Dependencies

(8 total, 1 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 atty^0.20.2.14up to date
 chrono ⚠️^0.40.4.37maybe insecure
 erased-serde^0.30.4.4out of date
 serde^1.01.0.197up to date
 serde_json^1.01.0.115up to date
 slog^22.7.0up to date
 term^0.70.7.0up to date
 thread_local ⚠️^11.1.8maybe insecure

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 slog-async^22.8.0up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

thread_local: Data race in `Iter` and `IterMut`

RUSTSEC-2022-0006

In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values.

Crates using Iter::next, or IterMut::next are affected by this issue.