The current release of rust-s3 uses rustls 0.20 via attohttpc. Unfortunately, the fixes for RUSTSEC-2024-0336 start in the 0.21 series. This means that users of the stable version of rust-s3 are unable to update rustls to address this issue.
It looks like the release candidates for rust-s3 allow newer versions of rust-s3 to be used. Is it possible to make a release to address this?
durch
commented
1 week ago
The current release of rust-s3 uses
rustls 0.20viaattohttpc. Unfortunately, the fixes for RUSTSEC-2024-0336 start in the0.21series. This means that users of the stable version ofrust-s3are unable to updaterustlsto address this issue.It looks like the release candidates for
rust-s3allow newer versions ofrust-s3to be used. Is it possible to make a release to address this?