RUSTSEC-2021-0153: encoding is unmaintained #577

Open
jayvdb opened this issue Oct 22, 2024 · 1 comment
Labels
A-lib (Area: library), C-encoding (Crate: dicom-encoding), security

Comments

jayvdb (Contributor) commented Oct 22, 2024

Running osv-scanner on this repo results in only one RUSTSEC: https://osv.dev/vulnerability/RUSTSEC-2021-0153

cargo-deny also fails because of this.

dicom-encoding crate includes

encoding = "0.2.33"

There is no updated version, because it is unmaintained. Cf. lifthrasiir/rust-encoding#127

This presents a problem for safety-critical medical devices using that crate.

The recommended alternative is https://github.com/hsivonen/encoding_rs. Probably isn't too much effort to switch over. I can give it a go unless there are objections or other factors to be considered.

Enet4 (Owner) commented Oct 22, 2024

Thank you for reporting. That is a known situation which is being tracked in #200. If you or someone else can do the switch to encoding_rs while keeping support for the existing text encodings and retaining compliance to the current TextCodec API, I would be very grateful. Feel free to ask questions or reach out on Zulip if you need more assistance.
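
The dependency check behind the report above, as an added example that is not part of the issue or the project's code: a std-only Rust pass over `Cargo.lock` text that returns the locked version of a crate and the packages that depend on it directly, matching names exactly so that `encoding_rs` is not mistaken for `encoding`. The lock file contents, `some-app` and the `0.0.0` versions are constructed, and the parser assumes Cargo's usual field order (name, version, then dependencies).

```rust
// Added example (not project code). Constructed lock file: only encoding 0.2.33
// is from the issue; other names/versions are placeholders.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "dicom-encoding"
version = "0.0.0"
dependencies = [
 "encoding 0.2.33",
]
[[package]]
name = "encoding"
version = "0.2.33"
[[package]]
name = "some-app"
version = "0.0.0"
dependencies = [
 "encoding_rs",
]
"#;

fn unquote(s: &str) -> &str {
    s.trim().trim_end_matches(',').trim_matches('"')
}

/// Returns (locked versions of `target`, packages depending on it directly).
fn report(lock: &str, target: &str) -> (Vec<String>, Vec<String>) {
    let (mut versions, mut dependents) = (Vec::new(), Vec::new());
    let (mut name, mut version, mut in_deps) = ("", "", false);
    for line in lock.lines().map(str::trim) {
        if in_deps {
            // Entries are "name", "name version" or "name version (source)":
            // compare the first token exactly so `encoding_rs` never matches.
            if line.starts_with(']') {
                in_deps = false;
            } else if unquote(line).split_whitespace().next() == Some(target) {
                dependents.push(format!("{} {}", name, version));
            }
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = unquote(v);
        } else if let Some(v) = line.strip_prefix("version = ") {
            version = unquote(v);
            if name == target { versions.push(version.to_string()); }
        } else if line == "dependencies = [" {
            in_deps = true;
        }
    }
    (versions, dependents)
}

fn main() { println!("{:?}", report(SAMPLE_LOCK, "encoding")); }
```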

Enet4 added the labels A-lib (Area: library), C-encoding (Crate: dicom-encoding) and security on Oct 22, 2024