consider switching from tiny_http #155

Open
brayniac opened this issue Aug 21, 2020 · 0 comments

@brayniac

tiny_http is being flagged for having an open rustsec advisory:

error: 1 vulnerability found!
ID:       RUSTSEC-2020-0000
Crate:    tiny_http
Version:  0.6.2
Date:     2020-06-16
URL:      https://rustsec.org/advisories/RUSTSEC-2020-0000
Title:    HTTP Request smuggling through malformed Transfer Encoding headers
Solution:  No safe upgrade is available!
Dependency tree: 
tiny_http 0.6.2
└── rezolus 2.6.1-alpha.0

It doesn't look like this exposes us to any issues - but we can probably consolidate some dependencies by switching to warp, as we already use reqwest, which shares a dependency on hyper.

brayniac added a commit to brayniac/rezolus-twitter that referenced this issue Aug 27, 2020
Ignore this rustsec advisory, as with the simple HTTP API, we are
not impacted. twitter#155 to follow-up with possibly migrating away from
tiny_http
brayniac added a commit that referenced this issue Aug 27, 2020
Ignore this rustsec advisory, as with the simple HTTP API, we are
not impacted. #155 to follow-up with possibly migrating away from
tiny_http