Skip to content

Commit

Permalink
v1.3.11: Revert binary serde_derive plugin
Browse files Browse the repository at this point in the history
  • Loading branch information
emk committed Aug 20, 2023
1 parent 7afb945 commit 1e331cc
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 2 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.3.11] - 2023-08-20

### Security

- Roll back `serde_derive` to version 1.0.171 and pin it there, to avoid using [the new `serde_derive` that uses a pre-built binary compiler plugin](https://github.com/serde-rs/serde/issues/2538). The binary plugin has not been successfully reproduced from source when I last looked, and it represents an unacceptable security risk, since it can't be audited without disassembling the binary code. We'll need a longer-term plan for this.

## [1.3.10] - 2023-08-11

### Fixed
Expand Down
2 changes: 1 addition & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "geocode-csv"
version = "1.3.10"
version = "1.3.11"
authors = ["Eric Kidd <[email protected]>"]
edition = "2018"

Expand Down

0 comments on commit 1e331cc

Please sign in to comment.