-
Notifications
You must be signed in to change notification settings - Fork 369
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
multipart
Status
#1438
Labels
Unmaintained
Informational / Unmaintained
Comments
pinkforest
added
Unmaintained
Informational / Unmaintained
Waiting-Maintainer
Waiting-Maintainer
labels
Oct 16, 2022
According to GitHub, @abonander archived the |
This was referenced Feb 20, 2023
Merged
Ok - I think we may need to flag unmaintained status on this crate I noticed
There also seems I wonder if there are other forks / impls we could potentially refer to ? |
Advisory published #1679 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6,789,801 downloads all time, ~12k a day.
Whilst going through
iron
- #1424 - and some other crates around the space I forgot to flagmultipart
to clarify it's status.@abonander - Just wondering is
multipart
still being actively maintained or would be it be deprecated ?These issues caught my eye - some of the I think are
hyper
a bit like iniron
:twoway
- Add unmaintainedtwoway
#1435form.prepare()?.boundary()
twice panics abonander/multipart#122 - PanicHyper/Iron are optional dependencies though -
Considering
hyper
has several advisories - some related to the above.Normally this wouldn't be an issue with the optional deps as the advisory pops up via hyper picked up -
But I'm just wondering whether this all maintained considering outdated deps e.g. hyper w/ advisories -
There is no upgrade path to hyper current track 0.14
Issue essentially seems that the crate forces to use very old version of hyper from 0.11 track from 5 yrs ago ?
NOTE: Some of these MAY NOT be applicable - No further analysis has been done yet
NOTE.2: Maintainer is the first point to verify these issues whether affected or not
Parser creates invalid uninitialized value - >= 0.14.12
https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2022-0022.md
Integer overflow in hyper's parsing of the Transfer-Encoding - >= 0.14.10
https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2021-0079.md
Lenient hyper header parsing of Content-Length - >= 0.14.10
https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2021-0078.md
Unaffected - Only between 0.12.0 < 0.14.3
https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2021-0020.md
Unaffected - Only between 0.11.0 < 0.12.34
https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2020-0008.md
Headers containing newline characters - >= 0.10.2", "< 0.10.0, >= 0.9.18"
https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2017-0002.md
HTTPS MitM vulnerability - >= 0.9.4
https://github.com/rustsec/advisory-db/blob/main/crates/hyper/RUSTSEC-2016-0002.md
The text was updated successfully, but these errors were encountered: