Bump untrusted version for security #52

Closed
tirkarthi opened this issue Jun 26, 2018 · 1 comment

Comments

@tirkarthi

Hi,

This project seems to use untrusted = 0.5, as I can see from the Cargo.toml file on the master branch. Recently a security issue was fixed as part of the 0.6.2 release. Please refer to rustsec/advisory-db@3c0458d.

Kindly ignore if this is irrelevant or fixed on another branch.

Thanks.

@Keats
Owner

Keats commented Jun 28, 2018

Bumping it requires updating ring to an alpha version afaik though :/
Since only one version of ring is currently allowed in a project, it would be a breaking change to a version that lots of users might not be able to upgrade to and will need another breaking change to get rid of the alpha later.

@briansmith would you recommend updating to the alpha version of ring now or is the 0.13 release soonish?

@Keats Keats closed this as completed in 109978a Aug 13, 2018
JadedBlueEyes referenced this issue in JadedBlueEyes/jsonwebtoken Apr 13, 2023
Fix #52, #56, #57