Security issues found on dep for kvdb-rocksdb (owning_ref = "0.4.0") #659
Comments
We're not using any of these methods. That being said, a refactor to get rid of
@ordian is
@insipx rocksdb will be deprecated in favor of parity-db eventually, I can't tell you the timeline for that though.
Thanks @ordian, I'm going to close this thread, feel free to reopen if needed.
@ordian from serai-dex/serai#81
Could you at least bump or accept a PR to bump rocksdb to 0.19 given the lack of timeline?
I'd request either both of the above issues are fixed or this library is actually marked as deprecated. Marking wontfix on security issues due to planned deprecation is effective deprecation. Parity needs to take ownership of this library or acknowledge that.
I already mentioned this issue doesn't apply to
Yes, sure. And just to be clear,
I will make a PR later today, as I have done such an upgrade quite recently.
I've got an idea how to remove
The issue is described on https://rustsec.org/advisories/RUSTSEC-2022-0040 and https://github.com/noamtashma/owning-ref-unsoundness, it was caught by the cargo-deny checker and affects the kv-rocksdb