This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate unleash-edge

Dependencies

(44 total, 14 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 actix-cors^0.7.00.7.0up to date
 actix-http^3.8.03.9.0up to date
 actix-middleware-etag^0.4.10.4.2up to date
 actix-service^2.0.22.0.2up to date
 actix-web^4.8.04.9.0up to date
 ahash^0.8.110.8.11up to date
 anyhow^1.0.861.0.95up to date
 async-trait^0.1.810.1.86up to date
 chrono^0.4.380.4.39up to date
 cidr^0.2.30.3.1out of date
 clap^4.5.94.5.28up to date
 clap-markdown^0.1.40.1.4up to date
 dashmap^6.0.16.1.0up to date
 futures^0.3.300.3.31up to date
 futures-core^0.3.300.3.31up to date
 iter_tools^0.19.00.24.0out of date
 itertools^0.13.00.14.0out of date
 lazy_static^1.4.01.5.0up to date
 num_cpus^1.16.01.16.0up to date
 opentelemetry^0.23.00.27.1out of date
 opentelemetry-prometheus^0.16.00.27.0out of date
 opentelemetry-semantic-conventions^0.15.00.27.0out of date
 opentelemetry_sdk^0.23.00.27.1out of date
 prometheus^0.13.40.13.4up to date
 prometheus-static-metric^0.5.10.5.1up to date
 rand^0.8.50.9.0out of date
 redis^0.25.40.28.2out of date
 reqwest^0.12.50.12.12up to date
 rustls ⚠️^0.23.110.23.22maybe insecure
 rustls-pemfile^2.1.22.2.0up to date
 rustls-pki-types^1.7.01.11.0up to date
 semver^1.0.231.0.25up to date
 serde^1.0.2041.0.217up to date
 serde_json^1.0.1201.0.138up to date
 serde_qs^0.13.00.13.0up to date
 shadow-rs^0.29.00.38.0out of date
 tokio^1.38.01.43.0up to date
 tracing^0.1.400.1.41up to date
 tracing-subscriber^0.3.180.3.19up to date
 ulid^1.1.21.2.0up to date
 unleash-types^0.130.15.6out of date
 unleash-yggdrasil^0.13.00.17.0out of date
 utoipa^4.2.35.3.1out of date
 utoipa-swagger-ui^7.1.09.0.0out of date

Dev dependencies

(10 total, 3 outdated)

CrateRequiredLatestStatus
 actix-http^3.8.03.9.0up to date
 actix-http-test^3.2.03.2.0up to date
 actix-service^2.0.22.0.2up to date
 env_logger^0.11.30.11.6up to date
 maplit^1.0.21.0.2up to date
 rand^0.8.50.9.0out of date
 test-case^3.3.13.3.1up to date
 testcontainers^0.20.00.23.2out of date
 testcontainers-modules^0.8.00.11.6out of date
 tracing-test^0.2.50.2.5up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.