As always, you can sign up for our security announcements mailing list. It’s only posted to when there is a security announcement. https://groups.google.com/forum/m/#!forum/rustlang-security-announcements
We’ve published 1.29.1 with a fix for the str::repeat issue: https://blog.rust-lang.org/2018/09/25/Rust-1.29.1.html
sincere questions: was there an explicit decision not to backport the fix to 1.26, 1.27, and 1.28 stable series? Are stable releases considered frozen once their six week window ends?
Currently, we only support the latest stable. We may make exceptions in extremely serious cases; this isn’t one of them.
Is there a warning in cargo, so that if you would use a vulnerable rust version it warns you that you have to update rust + recompile your code, if you're affected?
There is not; we don’t have any infrastructure for that kind of thing.
"If you are not using str::repeat, you are not affected." That's not fully true, though. If any of the dependencies of my crate uses the function, my crate is affected. And since it's std lib, it's not easy to look at my crate's deps and tell if it's used or not. Right?
Cargo vendor + ripgrep
...as always, pls do check the freaking function inputs!!
Probably hard to tell if your dependencies use str::repeat though. Is there a cargo cve tool or similar?
There is https://crates.io/crates/cargo-audit. Not sure if it works recursively though, or just on root deps.