8xff / atm0s-media-server

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `atm0s-media-server`

Dependencies

(15 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
poem	`^3.0`	`3.1.6`	up to date
poem-openapi	`^5.0`	`5.1.5`	up to date
rust-embed	`^8.0`	`8.5.0`	up to date
local-ip-address	`^0.6`	`0.6.3`	up to date
serde	`^1.0`	`1.0.217`	up to date
serde_json	`^1.0`	`1.0.138`	up to date
quinn	`^0.11`	`0.11.6`	up to date
rustls ⚠️	`^0.23`	`0.23.21`	maybe insecure
rcgen	`^0.13`	`0.13.2`	up to date
maxminddb	`^0.24`	`0.24.0`	up to date
sysinfo	`^0.32`	`0.33.1`	out of date
hex	`^0.4`	`0.4.3`	up to date
mime_guess	`^2.0`	`2.0.5`	up to date
reqwest	`^0.12`	`0.12.12`	up to date
sentry	`^0.34`	`0.36.0`	out of date

Crate `media-server-protocol`

Dependencies

(4 total, 1 possibly insecure)

Crate	Required	Latest	Status
bincode	`^1.3`	`1.3.3`	up to date
serde	`^1.0`	`1.0.217`	up to date
quinn	`^0.11`	`0.11.6`	up to date
tokio ⚠️	`^1`	`1.43.0`	maybe insecure

Build dependencies

(3 total, all up-to-date)

Crate	Required	Latest	Status
prost-build	`^0.13`	`0.13.4`	up to date
tera	`^1`	`1.20.0`	up to date
serde	`^1.0.200`	`1.0.217`	up to date

Crate `media-server-utils`

Dependencies

(8 total, all up-to-date)

Crate	Required	Latest	Status
sorted-vec	`^0.8`	`0.8.6`	up to date
serde	`^1.0`	`1.0.217`	up to date
uriparse	`^0.6`	`0.6.4`	up to date
serde-querystring	`^0.2`	`0.2.1`	up to date
pin-project-lite	`^0.2`	`0.2.16`	up to date
once_cell	`^1.20`	`1.20.2`	up to date
urlencoding	`^2.1`	`2.1.3`	up to date
derive_more	`^1.0`	`1.0.0`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
criterion	`^0.5`	`0.5.1`	up to date

Crate `media-server-core`

No external dependencies! 🙌

Crate `media-server-runner`

No external dependencies! 🙌

Crate `transport-webrtc`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
str0m	`^0.6`	`0.6.3`	up to date

Crate `transport-rtpengine`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
sdp-rs	`^0.2`	`0.2.1`	up to date
rtp-rs	`^0.6`	`0.6.0`	up to date

Crate `media-server-secure`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
jwt-simple	`^0.12`	`0.12.11`	up to date
serde	`^1.0`	`1.0.217`	up to date

Crate `media-server-gateway`

No external dependencies! 🙌

Crate `audio-mixer`

No external dependencies! 🙌

Crate `media-server-connector`

Dependencies

(9 total, 1 outdated)

Crate	Required	Latest	Status
lru	`^0.12`	`0.13.0`	out of date
async-trait	`^0.1`	`0.1.85`	up to date
sea-orm-migration	`^1.1.0-rc.1`	`1.1.4`	up to date
sea-orm	`^1.1.0-rc.1`	`1.1.4`	up to date
sea-query	`^0.32.0-rc.1`	`0.32.1`	up to date
serde_json	`^1.0`	`1.0.138`	up to date
s3-presign	`^0.0.3`	`0.0.3`	up to date
uuid	`^1.10`	`1.12.1`	up to date
reqwest	`^0.12`	`0.12.12`	up to date

Dev dependencies

(1 total, 1 possibly insecure)

Crate	Required	Latest	Status
tokio ⚠️	`^1`	`1.43.0`	maybe insecure

Crate `media-server-record`

Dependencies

(15 total, 1 outdated, 3 possibly insecure)

Crate	Required	Latest	Status
tokio ⚠️	`^1`	`1.43.0`	maybe insecure
reqwest	`^0.12`	`0.12.12`	up to date
tokio-util	`^0.7.11`	`0.7.13`	up to date
futures	`^0.3.30`	`0.3.31`	up to date
bytes	`^1.6.0`	`1.9.0`	up to date
surf	`^2.3.2`	`2.3.2`	up to date
webm	`^1.1.2`	`1.1.2`	up to date
rtp	`^0.11.0`	`0.12.0`	out of date
clap	`^4.5`	`4.5.27`	up to date
serde	`^1.0`	`1.0.217`	up to date
serde_json	`^1.0.120`	`1.0.138`	up to date
poem	`^3.0`	`3.1.6`	up to date
poem-openapi	`^5.0`	`5.1.5`	up to date
chrono ⚠️	`^0.4`	`0.4.39`	maybe insecure
openssl ⚠️	`^0.10`	`0.10.69`	maybe insecure

Dev dependencies

(1 total, 1 possibly insecure)

Crate	Required	Latest	Status
tokio ⚠️	`^1`	`1.43.0`	maybe insecure

Crate `media-server-codecs`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
libsoxr	`^0.2`	`0.2.9`	up to date
opusic-sys	`^0.5`	`0.5.5`	up to date

Crate `media-server-multi-tenancy`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
reqwest	`^0.12`	`0.12.12`	up to date

Security Vulnerabilities

`chrono`: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

time-rs/time#293

`tokio`: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

`openssl`: `MemBio::get_buf` has undefined behavior with empty buffers

RUSTSEC-2024-0357

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

`rustls`: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.

8xff / atm0s-media-server

Crate atm0s-media-server

Dependencies

Crate media-server-protocol

Dependencies

Build dependencies

Crate media-server-utils

Dependencies

Dev dependencies

Crate media-server-core

Crate media-server-runner

Crate transport-webrtc

Dependencies

Crate transport-rtpengine

Dependencies

Crate media-server-secure

Dependencies

Crate media-server-gateway

Crate audio-mixer

Crate media-server-connector

Dependencies

Dev dependencies

Crate media-server-record

Dependencies

Dev dependencies

Crate media-server-codecs

Dependencies

Crate media-server-multi-tenancy

Dependencies

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

Impact

Workarounds

References

tokio: reject_remote_clients Configuration corruption

Workarounds

openssl: `MemBio::get_buf` has undefined behavior with empty buffers

rustls: rustls network-reachable panic in `Acceptor::accept`

Crate `atm0s-media-server`

Crate `media-server-protocol`

Crate `media-server-utils`

Crate `media-server-core`

Crate `media-server-runner`

Crate `transport-webrtc`

Crate `transport-rtpengine`

Crate `media-server-secure`

Crate `media-server-gateway`

Crate `audio-mixer`

Crate `media-server-connector`

Crate `media-server-record`

Crate `media-server-codecs`

Crate `media-server-multi-tenancy`

`chrono`: Potential segfault in `localtime_r` invocations

`tokio`: reject_remote_clients Configuration corruption

`openssl`: `MemBio::get_buf` has undefined behavior with empty buffers

`rustls`: rustls network-reachable panic in `Acceptor::accept`