This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate tokio-native-tls


(2 total, 1 possibly insecure)

 native-tls^ to date
 tokio ⚠️^ insecure

Dev dependencies

(11 total, 3 outdated, 2 possibly insecure)

 cfg-if^ of date
 env_logger^ of date
 futures^ to date
 lazy_static^ to date
 tempfile^ to date
 tokio ⚠️^ insecure
 tokio-util^ to date
 openssl ⚠️^ insecure
 security-framework^ of date
 schannel^ to date
 winapi^ to date

Security Vulnerabilities

openssl: Use after free in CMS Signing


Affected versions of the OpenSSL crate used structures after they'd been freed.

tokio: Task dropped in wrong thread when aborting `LocalSet` task


When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.