RUSTSEC-2023-0071 — heartwood

Some interactive elements (branch dropdowns, the user menu, the clone popover) need JavaScript. Reading repositories, issues, patches, and the docs works without it; submitting forms also works as long as you can reach them via direct links.

heartwood

Radicle Heartwood Protocol & Stack

RUSTSEC-2023-0071

lorenz opened 2 years ago

See https://rustsec.org/advisories/RUSTSEC-2023-0071.

Radicle depends on the vulnerable rsa crate.

Please subscribe to:

https://github.com/RustCrypto/RSA/issues/19
https://github.com/RustCrypto/RSA/pull/394

Bump rsa as soon as there's a fix.

z6MkireR...3voM commented 1 year ago

The good news is that we don't use RSA directly, so I'm pretty sure we don't hit that code path.

z6MkgFq6...nBGz added type=bug 8 months ago

z6MkgFq6...nBGz added type=radicle-crypto 8 months ago

z6MkgFq6...nBGz removed type=radicle-crypto 8 months ago

z6MkgFq6...nBGz added crate=radicle-crypto 8 months ago