Skip to content

cargo_audit: Bump rustls to 0.23.18.

gabi-250 requested to merge gabi-250/arti:bump-rustls into main

rustls 0.23.13 introduced a bug that causes Acceptor::accept to panic if the client hello is fragmented (see RUSTSEC-2024-0399).

We don't currently use rustls::server::Acceptor::accept() anywhere in arti (that I know of, at least), so I don't believe we're affected.

Merge request reports

Loading