RUSTSEC-2021-0019 - Multiple soundness issues, maintenance status #107
Comments
Hi. Thanks for this. Indeed over the last few years I couldn't support rust-xcb the way it deserved. There was a call for maintainers in the Readme that I have removed since as I am now able to support actively.

v1.0.0 is released.
There's an advisory out for XCB. The individual issues appear to be reported here but I don't see any response from you on any of them:
The issue with details also says XCB is unmaintained but I can see commits on a branch from a week ago. Are you still maintaining this crate? If so, would you, please, look at those issues? XCB is (transitively) a dependency of a lot of crates such as egui, conrod, alacritty and rg3d, though I don't know how many use the relevant functions.
I understand maintaining a popular crate is a lot of work and often not even interesting work. Would you be open to spreading the responsibility around a little? Perhaps you could create a GitHub organization with maintainers of some of these big crates as members if they would be interested. I also usually suggest using Rust Bus.
Finally, since this is a security issue, would you pin it so it receives more attention?
Edit(2021-11-07): One more advisory:
This is actually older but our CI only picked it up recently fsr. Adding it here so it's all in one place.