The current release of rust-s3 uses rustls 0.20 via attohttpc. Unfortunately, the fixes for RUSTSEC-2024-0336 start in the 0.21 series. This means that users of the stable version of rust-s3 are unable to update rustls to address this issue.
It looks like the release candidates for rust-s3 allow newer versions of rust-s3 to be used. Is it possible to make a release to address this?
The current release of rust-s3 uses
rustls 0.20
viaattohttpc
. Unfortunately, the fixes for RUSTSEC-2024-0336 start in the0.21
series. This means that users of the stable version ofrust-s3
are unable to updaterustls
to address this issue.It looks like the release candidates for
rust-s3
allow newer versions ofrust-s3
to be used. Is it possible to make a release to address this?