ethsign icon indicating copy to clipboard operation
ethsign copied to clipboard

Published 20 hours ago verified publisher icon tomusdrw

new release

Open ulrichard opened this issue 2 years ago • 2 comments

With the last released version 0.8.0 of ethsign, "cargo audit" complains about outdated vulnerable AES dependencies. If I use the master branch instead, these warnings are gone. I prefer to use released versions from crates.io. So what is holding back a new release?

ulrichard avatar May 10 '22 09:05 ulrichard

I took a look at upgrading the aes dependency, however, it seems that the feature that is used in ethsign-crypto of aes called crt is no longer available in 0.8. I found a the https://docs.rs/ctr/latest/ctr/ crate but I don't feel experienced enough with cryptography to comprehend how to refactor the code where the current aes::Aes128Ctr is used.

elpiel avatar Jun 17 '22 07:06 elpiel

If you could create a release from the current master branch, and publish that to crates.io, that would already help us.

ulrichard avatar Jun 24 '22 06:06 ulrichard

ethsign=0.9.0 and ethsign-crypto=0.3.0 are out now. Sorry for the delay.

tomusdrw avatar May 31 '23 09:05 tomusdrw