mongo-rust-driver icon indicating copy to clipboard operation
mongo-rust-driver copied to clipboard

Published 20 hours ago verified publisher icon mongodb

`chrono` dependency `CVE-2020-26235`

Open brunobell opened this issue 2 years ago • 2 comments

Hi, thank you guys for all the work of a pure Rust mongodb driver. But do you have plans to update chrono features to avoid cargo-audit reporting CVE-2020-26235? FYI: https://github.com/chronotope/chrono/issues/602

brunobell avatar Oct 14 '22 02:10 brunobell

Oh sorry, the master branch already has it updated. Will update mongodb dependency to latest version.

brunobell avatar Oct 14 '22 02:10 brunobell

Seems the update is not included in version 2.3.1

brunobell avatar Oct 14 '22 02:10 brunobell

Hi @brunobell, this change will be included in version 2.4.0. Feel free to follow RUST-1372 for updates on when that release will occur.

isabelatkinson avatar Oct 21 '22 14:10 isabelatkinson

Hi @brunobell, this change will be included in version 2.4.0. Feel free to follow RUST-1372 for updates on when that release will occur.

Ahh ok, thanks!

brunobell avatar Oct 24 '22 14:10 brunobell