matrix-org / vodozemac

An implementation of Olm and Megolm in pure Rust.
Apache License 2.0

RUSTSEC-2024-0368: olm-sys: wrapped library unmaintained, potentially vulnerable #174

Closed: github-actions[bot] closed this issue 2 weeks ago

github-actions[bot] commented 2 weeks ago

olm-sys: wrapped library unmaintained, potentially vulnerable

Details
Package: olm-sys
Version: 1.3.2
URL: https://gitlab.gnome.org/BrainBlasted/olm-sys/-/issues/12
Date: 2024-09-02

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind.

Users of olm-sys and its higher-level abstraction, olm-rs, are highly encouraged to switch to vodozemac as soon as possible. It is the successor effort to libolm and is written in Rust.

See advisory page for additional details.

poljar commented 2 weeks ago

olm-rs is only used as a dev dependency to ensure compatibility with libolm.