This project might be open to known security vulnerabilities , which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom .
Crate jinshu-utils Dependencies (6 total, 2 outdated, 1 possibly insecure)
Dev dependencies (3 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status tokio ⚠️ ^1.171.47.1maybe insecure rand ^0.80.9.2out of date serde_json ^11.0.142up to date
Crate jinshu-protocol Dependencies (13 total, 2 outdated)
Crate jinshu-sdk Dependencies (14 total, 5 outdated, 1 possibly insecure)
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status tracing ^0.10.1.41up to date
Crate jinshu-database Dependencies (3 total, 2 outdated)
Crate Required Latest Status sea-orm ^0.71.1.14out of date serde ^11.0.219up to date time ^0.2.270.3.41out of date
Crate jinshu-redis Dependencies (5 total, 3 outdated)
Crate jinshu-queue Dependencies (10 total, 3 outdated, 1 possibly insecure)
Crate jinshu-tracing Dependencies (7 total, 3 outdated)
Crate jinshu-common Dependencies (4 total, 3 outdated)
Crate Required Latest Status clap ^34.5.42out of date serde ^11.0.219up to date config ^0.120.15.13out of date thiserror ^12.0.12out of date
Dev dependencies (3 total, all up-to-date)
Crate Required Latest Status temp-dir ^0.10.1.16up to date serde_json ^11.0.142up to date uuid ^1.0.0-alpha.11.17.0up to date
Crate jinshu-rpc Dependencies (15 total, 7 outdated, 1 possibly insecure)
Dev dependencies (4 total, 1 outdated, 1 possibly insecure)
Crate Required Latest Status rand ^0.80.9.2out of date uuid ^1.0.0-alpha.11.17.0up to date tokio ⚠️ ^1.171.47.1maybe insecure tokio-stream ^0.10.1.17up to date
Build dependencies (2 total, 1 outdated)
Crate jinshu-api No external dependencies! 🙌
Crate jinshu-comet Dependencies (17 total, 4 outdated, 1 possibly insecure)
Crate jinshu-receiver Dependencies (10 total, 4 outdated, 1 possibly insecure)
Crate Required Latest Status tokio ⚠️ ^1.171.47.1maybe insecure futures ^0.30.3.31up to date tonic ^0.60.14.0out of date anyhow ^11.0.98up to date url ^2.22.5.4up to date config ^0.120.15.13out of date tracing ^0.10.1.41up to date serde ^11.0.219up to date rdkafka ^0.280.38.0out of date pulsar ^4.16.3.1out of date
Crate jinshu-gateway Dependencies (10 total, 4 outdated, 1 possibly insecure)
Dev dependencies (4 total, 2 outdated)
Crate Required Latest Status reqwest ^0.110.12.22out of date argon2 ^0.40.5.3out of date url ^22.5.4up to date serde_repr ^0.10.1.20up to date
Crate jinshu-pusher Dependencies (10 total, 3 outdated, 1 possibly insecure)
Crate jinshu-timer No external dependencies! 🙌
Crate jinshu-admin No external dependencies! 🙌
Crate jinshu-storage Dependencies (7 total, 1 outdated, 1 possibly insecure)
Crate jinshu-authorizer Dependencies (8 total, 2 outdated, 1 possibly insecure)
Crate jinshu-file No external dependencies! 🙌
Security Vulnerabilities tokio: reject_remote_clients Configuration corruptionRUSTSEC-2023-0001
On Windows, configuring a named pipe server with pipe_mode will force ServerOptions ::reject_remote_clients as false.
This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.
The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.
Workarounds
Ensure that pipe_mode is set first after initializing a ServerOptions . For example:
let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);
Patched
>=1.18.4, <1.19.0
>=1.20.3, <1.21.0
>=1.23.1
