webrtc-dtls 0.8.0

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `webrtc-dtls`

Dependencies

(29 total, 6 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
aes	`^0.8`	`0.8.4`	up to date
aes-gcm	`^0.10`	`0.10.3`	up to date
async-trait	`^0.1`	`0.1.80`	up to date
bincode	`^1`	`1.3.3`	up to date
byteorder	`^1`	`1.5.0`	up to date
cbc	`^0.1`	`0.1.2`	up to date
ccm	`^0.5`	`0.5.0`	up to date
der-parser	`^8.1`	`9.0.0`	out of date
hkdf	`^0.12`	`0.12.4`	up to date
hmac	`^0.12`	`0.12.1`	up to date
log	`^0.4`	`0.4.21`	up to date
p256	`^0.13`	`0.13.2`	up to date
p384	`^0.13`	`0.13.0`	up to date
pem	`^3`	`3.0.4`	up to date
rand	`^0.8`	`0.8.5`	up to date
rand_core	`^0.6`	`0.6.4`	up to date
rcgen	`^0.11`	`0.13.1`	out of date
ring	`^0.16.19`	`0.17.8`	out of date
rustls ⚠️	`^0.21`	`0.23.7`	out of date
sec1	`^0.7`	`0.7.3`	up to date
serde	`^1`	`1.0.202`	up to date
sha1	`^0.10`	`0.10.6`	up to date
sha2	`^0.10`	`0.10.8`	up to date
subtle	`^2`	`2.5.0`	up to date
thiserror	`^1`	`1.0.61`	up to date
tokio	`^1.32.0`	`1.37.0`	up to date
webrtc-util	`^0.8`	`0.9.0`	out of date
x25519-dalek	`^2`	`2.0.1`	up to date
x509-parser	`^0.15`	`0.16.0`	out of date

Dev dependencies

(4 total, 2 outdated)

Crate	Required	Latest	Status
chrono	`^0.4.28`	`0.4.38`	up to date
clap	`^3`	`4.5.4`	out of date
env_logger	`^0.10`	`0.11.3`	out of date
tokio-test	`^0.4`	`0.4.4`	up to date

Security Vulnerabilities

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.