stackabletech / product-config

A library to validate product configuration properties with regard to version, data type, minimum and maximum bounds, dependencies and roles
Apache License 2.0

RUSTSEC-2022-0048: xml-rs is Unmaintained #74

Closed github-actions[bot] closed 4 months ago

github-actions[bot] commented 2 years ago

xml-rs is Unmaintained

Details
Status: unmaintained
Package: xml-rs
Version: 0.8.4
URL: https://github.com/netvl/xml-rs/issues
Date: 2022-01-26

xml-rs is an XML parser that has open issues around parsing, including integer overflows / panics, that may or may not be an issue with untrusted data.

Together with these open issues and its Unmaintained status, xml-rs may or may not be suited to parse untrusted data.

Alternatives

See advisory page for additional details.

fhennig commented 1 year ago

Fix: migrate to quick-xml and replace escape_str_attribute in writer.rs with the quick-xml escape function.

nightkr commented 4 months ago

xml-rs has been revived, and the advisory has been retracted.