This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate kvarn

Dependencies

(30 total, 1 possibly insecure)

CrateRequiredLatestStatus
 bytes^11.10.1up to date
 compact_str^0.9.00.9.0up to date
 log^0.40.4.26up to date
 time^0.30.3.40up to date
 socket2^0.5.30.5.8up to date
 h2^0.4.50.4.8up to date
 http^1.01.3.1up to date
 mime^0.30.3.17up to date
 mime_guess^22.0.5up to date
 tree_magic_mini^33.1.6up to date
 percent-encoding^22.3.1up to date
 tokio^1.241.44.1up to date
 kvarn-tokio-uring^0.4.0-alpha1N/Aup to date
 moka^0.120.12.10up to date
 dashmap^66.1.0up to date
 rustls ⚠️^0.23.80.23.25maybe insecure
 rustls-pemfile^2.12.2.0up to date
 rustls-webpki^0.1030.103.0up to date
 base64^0.220.22.1up to date
 memchr^22.7.4up to date
 rand^0.90.9.0up to date
 brotli^77.0.0up to date
 flate2^11.1.0up to date
 zstd^0.130.13.3up to date
 tokio-tungstenite^0.260.26.2up to date
 sha-1^0.100.10.1up to date
 futures-util^0.30.3.31up to date
 h3^0.0.70.0.7up to date
 h3-quinn^0.0.90.0.9up to date
 quinn^0.11.10.11.7up to date

Crate kvarn_async

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^11.10.1up to date
 http^1.01.3.1up to date
 tokio^1.241.44.1up to date

Crate kvarn_utils

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 log^0.40.4.26up to date
 bytes^11.10.1up to date
 http^1.01.3.1up to date
 percent-encoding^2.32.3.1up to date
 compact_str^0.90.9.0up to date

Crate kvarn_signal

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 log^0.40.4.26up to date
 tokio^1.241.44.1up to date
 kvarn-tokio-uring^0.4.0-alpha1N/Aup to date
 notify^88.0.0up to date

Crate kvarn_testing

Dependencies

(7 total, 1 possibly insecure)

CrateRequiredLatestStatus
 reqwest^0.120.12.15up to date
 rand^0.90.9.0up to date
 rcgen^0.130.13.2up to date
 tokio^1.241.44.1up to date
 rustls ⚠️^0.23.80.23.25maybe insecure
 env_logger^0.110.11.7up to date
 log^0.4.190.4.26up to date

Crate kvarn-extensions

Dependencies

(15 total, 1 possibly insecure)

CrateRequiredLatestStatus
 futures-util^0.30.3.31up to date
 kvarn-fastcgi-client^0.90.9.0up to date
 tokio^1.241.44.1up to date
 kvarn-tokio-uring^0.4.0-alpha1N/Aup to date
 async_chunked_transfer^1.41.4.0up to date
 percent-encoding^22.3.1up to date
 memchr^22.7.4up to date
 small-acme^0.2.20.2.2up to date
 x509-parser^0.170.17.0up to date
 rustls ⚠️^0.23.80.23.25maybe insecure
 ron^0.90.9.0up to date
 rcgen^0.130.13.2up to date
 rustls-pemfile^22.2.0up to date
 rand^0.90.9.0up to date
 dashmap^66.1.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tokio^1.241.44.1up to date

Crate kvarn-chute

Dependencies

(14 total, all up-to-date)

CrateRequiredLatestStatus
 colored^3.03.0.0up to date
 pulldown-cmark^0.130.13.0up to date
 notify^88.0.0up to date
 unicode_categories^0.10.1.1up to date
 time^0.30.3.40up to date
 time-tz^22.0.0up to date
 kvarn_utils^0.60.6.1up to date
 clap^44.5.32up to date
 clap_autocomplete>=0.4.10.4.2up to date
 env_logger^0.110.11.7up to date
 log^0.4.170.4.26up to date
 notify-debouncer-full^0.50.5.0up to date
 syntect^5.0.05.2.0up to date
 lazy_static^1.4.01.5.0up to date

Crate url-crawl

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 log^0.40.4.26up to date
 memchr^22.7.4up to date

Crate kvarnctl

Dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 clap^44.5.32up to date
 clap_autocomplete^0.4.10.4.2up to date
 env_logger^0.110.11.7up to date
 log^0.40.4.26up to date
 tokio^1.241.44.1up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.