search

jonhoo / rust-imap

IMAP client library for Rust
Apache License 2.0
477 stars 80 forks source link

Ouroboros is Unsound -- RUSTSEC-2023-0042 #264

Closed wookietreiber closed 1 year ago

wookietreiber commented 1 year ago

Unfortunate news, but may be relevant before v3 release: https://rustsec.org/advisories/RUSTSEC-2023-0042

$ cargo audit
...
Crate:     ouroboros
Version:   0.15.6
Warning:   unsound
Title:     Ouroboros is Unsound
Date:      2023-06-11
ID:        RUSTSEC-2023-0042
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0042
Dependency tree:
ouroboros 0.15.6
└── imap 3.0.0-alpha.10
...
wookietreiber commented 1 year ago

Might be fixed by https://github.com/jonhoo/rust-imap/pull/265.

jonhoo commented 1 year ago

265 is now merged and according to the advisory, 0.16 does not have this issue any more, so I think we're good! I'll cut a new alpha soon-ish :) If I forget, please ping me!