veeso / suppaftp

a super FTP/FTPS client library for Rust with support for both passive and active mode
Apache License 2.0

[SECURITY] - upgrade chrono->time dependency #46

Closed sagiegurari closed 1 year ago

sagiegurari commented 1 year ago

Description

The chrono version used by this crate is really old and it's using a really old time crate with a security issue (possible segmentation fault). See https://github.com/time-rs/time/issues/293 and https://github.com/chronotope/chrono/issues/499

Severity:

A clear and concise description of the security vulnerability.

Additional information

Add any other context about the problem here.

veeso commented 1 year ago

Thanks for reporting, fixed in 5.1.2

No, actually chrono is the latest version; the issue is that the latest version comes with the security issue if the clock feature is not enabled.