This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate starling

Dependencies

(26 total, 4 outdated, 2 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| bincode | ^1.3.3 | 1.3.3 | up to date |
| blake2-rfc | ^0.2.18 | 0.2.18 | up to date |
| serde | ^1.0.138 | 1.0.197 | up to date |
| serde_json | ^1.0.82 | 1.0.115 | up to date |
| ciborium | ^0.2.0 | 0.2.2 | up to date |
| serde_yaml | ^0.8.24 | 0.9.34+deprecated | out of date |
| serde-pickle | ^1.1.1 | 1.1.1 | up to date |
| ron | ^0.7.1 | 0.8.1 | out of date |
| groestl | ^0.10.1 | 0.10.1 | up to date |
| openssl ⚠️ | ^0.10.40 | 0.10.64 | maybe insecure |
| tiny-keccak | ^2.0.2 | 2.0.2 | up to date |
| hashbrown | ^0.12.1 | 0.14.3 | out of date |
| rocksdb ⚠️ | ^0.18.0 | 0.22.0 | out of date |
| seahash | ^4.1.0 | 4.1.0 | up to date |
| fxhash | ^0.2.1 | 0.2.1 | up to date |
| rand | ^0.8.5 | 0.8.5 | up to date |
| digest | ^0.10.3 | 0.10.7 | up to date |
| blake2 | ^0.10.4 | 0.10.6 | up to date |
| md2 | ^0.10.1 | 0.10.2 | up to date |
| md4 | ^0.10.1 | 0.10.2 | up to date |
| md-5 | ^0.10.1 | 0.10.6 | up to date |
| ripemd | ^0.1.1 | 0.1.3 | up to date |
| sha-1 | ^0.10.0 | 0.10.1 | up to date |
| sha2 | ^0.10.2 | 0.10.8 | up to date |
| sha3 | ^0.10.1 | 0.10.8 | up to date |
| whirlpool | ^0.10.1 | 0.10.4 | up to date |

Dev dependencies

(2 total, 1 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| criterion | ^0.3.5 | 0.5.1 | out of date |
| rand | ^0.8.5 | 0.8.5 | up to date |

Security Vulnerabilities

rocksdb: Out-of-bounds read when opening multiple column families with TTL

RUSTSEC-2022-0046

Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl() with a pointer to a single integer TTL value, but one TTL value for each column family is expected.

This is only relevant when using rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl() with multiple column families.

This bug has been fixed in v0.19.0.

openssl: `openssl` `X509VerifyParamRef::set_host` buffer over-read

RUSTSEC-2023-0044

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.