diff options
| author | dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2024-04-19 19:54:12 +0000 |
|---|---|---|
| committer | Andrew Clayton <a.clayton@nginx.com> | 2024-04-19 22:30:49 +0100 |
| commit | 237a26aafc4f2572668d0063228929f482073691 (patch) | |
| tree | 035b1023fc5ce31b1863eaddc6ddb795ee74cb7f | |
| parent | d7ce356957c1c2e515ceea7e78fd7cba411e9152 (diff) | |
| download | unit-237a26aafc4f2572668d0063228929f482073691.tar.gz unit-237a26aafc4f2572668d0063228929f482073691.tar.bz2 | |
wasm-wc: Bump the rustls crate from 0.21.10 to 0.21.11
Bumps <https://github.com/rustls/rustls> from 0.21.10 to 0.21.11.
"This release corrects a denial-of-service condition in
rustls::ConnectionCommon::complete_io(), reachable via network input. If
a close_notify alert is received during a handshake, complete_io() did
not terminate. Callers which do not call complete_io() are not
affected."
The wasm-wasi-component language module is not effected by this as it
doesn't handle client connections, Unit does.
Link: Release notes <https://github.com/rustls/rustls/releases>
Link: Commits <https://github.com/rustls/rustls/compare/v/0.21.10...v/0.21.11>
Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Andrew Clayton <a.clayton@nginx.com>
[ Tweaked commit message/subject - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
| -rw-r--r-- | src/wasm-wasi-component/Cargo.lock | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/wasm-wasi-component/Cargo.lock b/src/wasm-wasi-component/Cargo.lock index 7631b716..3c6b0410 100644 --- a/src/wasm-wasi-component/Cargo.lock +++ b/src/wasm-wasi-component/Cargo.lock @@ -1160,9 +1160,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.10" +version = "0.21.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +checksum = "7fecbfb7b1444f477b345853b1fce097a2c6fb637b2bfb87e6bc5db0f043fae4" dependencies = [ "log", "ring", |