Migrate `webpki` dependency to `rustls-webpki` to mitigate RUSTSEC-2023-0052
fuchsnj opened this issue
There is a security advisory for a CPU denial of service in the `webpki` crate, which is a dependency of `bollard`.
The `webpki` crate appears to be unmaintained. The latest version of `rustls-webpki` contains a fix for this.
Advisory: https://rustsec.org/advisories/RUSTSEC-2023-0052.html
Thanks for the PR #328, let's close this.
Would it be possible to do a patch release that includes this fix?
We can use a git commit in Cargo.toml for now to avoid the security advisory warning, but that feels a little clunky.
Yes, I can try to schedule a patch release in a couple of weeks when I'm back and have some time.
Much appreciated, and thank you for all of your hard work on this library!