This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
solana-quic-client(18 total, 2 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| async-lock | ^3.4.0 | 3.4.0 | up to date |
| async-trait | ^0.1.83 | 0.1.83 | up to date |
| futures | ^0.3.31 | 0.3.31 | up to date |
| itertools | ^0.12.1 | 0.13.0 | out of date |
| lazy_static | ^1.5.0 | 1.5.0 | up to date |
| log | ^0.4.22 | 0.4.22 | up to date |
| quinn | ^0.11.6 | 0.11.6 | up to date |
| quinn-proto | ^0.11.9 | 0.11.9 | up to date |
| rustls ⚠️ | ^0.23.15 | 0.23.20 | maybe insecure |
| solana-connection-cache | =2.1.6 | 2.1.6 | up to date |
| solana-measure | =2.1.6 | 2.1.6 | up to date |
| solana-metrics | =2.1.6 | 2.1.6 | up to date |
| solana-net-utils | =2.1.6 | 2.1.6 | up to date |
| solana-rpc-client-api | =2.1.6 | 2.1.6 | up to date |
| solana-sdk | =2.1.6 | 2.1.6 | up to date |
| solana-streamer | =2.1.6 | 2.1.6 | up to date |
| thiserror | ^1.0.65 | 2.0.7 | out of date |
| tokio | ^1.29.1 | 1.42.0 | up to date |
(3 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| crossbeam-channel | ^0.5.13 | 0.5.14 | up to date |
| solana-logger | =2.1.6 | 2.1.6 | up to date |
| solana-perf | =2.1.6 | 2.1.6 | up to date |
rustls: rustls network-reachable panic in `Acceptor::accept`A bug introduced in rustls 0.23.13 leads to a panic if the received
TLS ClientHello is fragmented. Only servers that use
rustls::server::Acceptor::accept() are affected.
Servers that use tokio-rustls's LazyConfigAcceptor API are affected.
Servers that use tokio-rustls's TlsAcceptor API are not affected.
Servers that use rustls-ffi's rustls_acceptor_accept API are affected.