Bug #18766
closed
Security vulnerability in arc-swap
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: Checked
Regression:
Description
error[A001]: Dangling reference in `access::Map` with Constant
  ┌─ /home/amousset/projects/rudder/relay/sources/relayd/Cargo.lock:3:1
  │
3 │ arc-swap 0.4.6 registry+https://github.com/rust-lang/crates.io-index
  │ -------------------------------------------------------------------- security vulnerability detected
  │
  = ID: RUSTSEC-2020-0091
  = Advisory: https://rustsec.org/advisories/RUSTSEC-2020-0091
  = Using the `arc_swap::access::Map` with the `Constant` test helper (or with user-provided implementation of the `Access` trait) could sometimes lead to the map returning dangling references.
    Replaced by implementation without `unsafe`, at the cost of added `Clone` bound on the closure and small penalty on performance.
  = Announcement: https://github.com/vorner/arc-swap/issues/45
  = Solution: Upgrade to >=1.1.0 OR >=0.4.8
  = arc-swap v0.4.6
    └── signal-hook-registry v1.2.0
        └── tokio-signal v0.2.9
            ├── relayd v0.0.0-dev
            └── tokio-process v0.2.5
                └── relayd v0.0.0-dev (*)
Only present on 6.1.
Updated by Alexis Mousset about 4 years ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset about 4 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder/pull/3446
Updated by Alexis Mousset about 4 years ago
- Assignee changed from Benoît PECCATTE to Gaëtan POBLON
Updated by Alexis Mousset about 4 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|8860c74bd5ae063e4b1278827c8b23cd3b84b5b7.
Updated by Alexis Mousset almost 4 years ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ almost 4 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.1.8 and 6.2.1 which were released today.