Closed github-actions[bot] closed 4 months ago
xml-rs is Unmaintained
xml-rs
0.8.4
xml-rs is a XML parser has open issues around parsing including integer overflows / panics that may or may not be an issue with untrusted data.
Together with these open issues with Unmaintained status xml-rs may or may not be suited to parse untrusted data.
See advisory page for additional details.
Fix: migrate to quick-xml and replace escape_str_attribute in writer.rs with the quick-xml escape function.
escape_str_attribute
escape
xml-rs has been revived, and the advisory has been retracted.
xml-rs
0.8.4
xml-rs is a XML parser has open issues around parsing including integer overflows / panics that may or may not be an issue with untrusted data.
Together with these open issues with Unmaintained status xml-rs may or may not be suited to parse untrusted data.
Alternatives
See advisory page for additional details.