This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate sonic-server

Dependencies

(21 total, 12 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 byteorder^1.31.5.0up to date
 clap^2.334.5.4out of date
 fst^0.30.4.7out of date
 fst-levenshtein^0.20.3.0out of date
 fst-regex^0.20.3.0out of date
 graceful^0.10.1.1up to date
 hashbrown^0.30.14.3out of date
 jemallocator^0.30.5.4out of date
 lazy_static^1.31.4.0up to date
 linked_hash_set^0.10.1.4up to date
 log^0.40.4.21up to date
 radix^0.40.6.0out of date
 rand^0.60.8.5out of date
 regex-syntax^0.60.8.3out of date
 rocksdb ⚠️^0.12.20.22.0out of date
 serde^1.01.0.197up to date
 serde_derive^1.01.0.197up to date
 toml^0.50.8.12out of date
 twox-hash^1.21.6.3up to date
 unicode-segmentation^1.21.11.0up to date
 whatlang^0.70.16.4out of date

Security Vulnerabilities

rocksdb: Out-of-bounds read when opening multiple column families with TTL

RUSTSEC-2022-0046

Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl() with a pointer to a single integer TTL value, but one TTL value for each column family is expected.

This is only relevant when using rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl() with multiple column families.

This bug has been fixed in v0.19.0.