tauri icon indicating copy to clipboard operation
tauri copied to clipboard
verified publisher icon tauri-apps

RUSTSEC-2022-0048: xml-rs is Unmaintained

Open github-actions[bot] opened this issue 3 years ago • 2 comments

xml-rs is Unmaintained

Details
Status unmaintained
Package xml-rs
Version 0.8.4
URL https://github.com/netvl/xml-rs/issues
Date 2022-01-26

xml-rs is a XML parser has open issues around parsing including integer overflows / panics that may or may not be an issue with untrusted data.

Together with these open issues with Unmaintained status xml-rs may or may not be suited to parse untrusted data.

Alternatives

See advisory page for additional details.

github-actions[bot] avatar Aug 16 '22 00:08 github-actions[bot]

https://github.com/netvl/xml-rs/issues/221

FabianLars avatar Aug 16 '22 10:08 FabianLars

https://github.com/ebarnard/rust-plist/issues/68 I think the sole cause for the quick-xml dependency is from plist dependency. Above is the issue to replace xml-rs with quick-xml in plist

ozgunozerk avatar Oct 06 '22 06:10 ozgunozerk