This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate unleash-edge

Dependencies

(46 total, 10 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 actix-cors^0.7.00.7.0up to date
 actix-http^3.9.03.9.0up to date
 actix-middleware-etag^0.4.20.4.2up to date
 actix-service^2.0.22.0.2up to date
 actix-web^4.9.04.9.0up to date
 ahash^0.8.110.8.11up to date
 anyhow^1.0.891.0.94up to date
 async-trait^0.1.830.1.83up to date
 aws-config^1.5.71.5.11up to date
 aws-sdk-s3^1.53.01.66.0up to date
 chrono^0.4.380.4.39up to date
 cidr^0.3.00.3.0up to date
 clap^4.5.194.5.23up to date
 clap-markdown^0.1.40.1.4up to date
 dashmap^6.0.16.1.0up to date
 futures^0.3.300.3.31up to date
 futures-core^0.3.300.3.31up to date
 iter_tools^0.21.00.24.0out of date
 itertools^0.13.00.13.0up to date
 lazy_static^1.4.01.5.0up to date
 num_cpus^1.16.01.16.0up to date
 opentelemetry^0.24.00.27.1out of date
 opentelemetry-prometheus^0.17.00.27.0out of date
 opentelemetry-semantic-conventions^0.16.00.27.0out of date
 opentelemetry_sdk^0.24.00.27.1out of date
 prometheus^0.13.40.13.4up to date
 prometheus-static-metric^0.5.10.5.1up to date
 rand^0.8.50.8.5up to date
 redis^0.27.00.27.6up to date
 reqwest^0.12.80.12.9up to date
 rustls ⚠️^0.23.130.23.20maybe insecure
 rustls-pemfile^2.2.02.2.0up to date
 rustls-pki-types^1.9.01.10.1up to date
 semver^1.0.231.0.24up to date
 serde^1.0.2101.0.216up to date
 serde_json^1.0.1281.0.133up to date
 serde_qs^0.13.00.13.0up to date
 shadow-rs^0.35.00.37.0out of date
 tokio^1.40.01.42.0up to date
 tracing^0.1.400.1.41up to date
 tracing-subscriber^0.3.180.3.19up to date
 ulid^1.1.21.1.3up to date
 unleash-types^0.130.14.0out of date
 unleash-yggdrasil^0.13.20.14.1out of date
 utoipa^4.2.35.2.0out of date
 utoipa-swagger-ui^7.1.08.0.3out of date

Dev dependencies

(10 total, all up-to-date)

CrateRequiredLatestStatus
 actix-http^3.9.03.9.0up to date
 actix-http-test^3.2.03.2.0up to date
 actix-service^2.0.22.0.2up to date
 env_logger^0.11.50.11.5up to date
 maplit^1.0.21.0.2up to date
 rand^0.8.50.8.5up to date
 test-case^3.3.13.3.1up to date
 testcontainers^0.23.10.23.1up to date
 testcontainers-modules^0.11.20.11.4up to date
 tracing-test^0.2.50.2.5up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.