Posted to dev@arrow.apache.org by "Paddy Horan (Jira)" <ji...@apache.org> on 2019/10/28 13:15:00 UTC

[jira] [Created] (ARROW-7006) [Rust] Bump flatbuffers version to avoid vulnerability

Paddy Horan created ARROW-7006:
----------------------------------

             Summary: [Rust] Bump flatbuffers version to avoid vulnerability
                 Key: ARROW-7006
                 URL: https://issues.apache.org/jira/browse/ARROW-7006
             Project: Apache Arrow
          Issue Type: Improvement
    Affects Versions: 0.15.0
            Reporter: Paddy Horan


From GitHub user emilk:

cargo audit (https://github.com/RustSec/cargo-audit) output:

ID:      RUSTSEC-2019-0028
Crate:   flatbuffers
Version: 0.5.0
Date:    2019-10-20
URL:     https://github.com/google/flatbuffers/issues/5530
Title:   Unsound `impl Follow for bool`

The fix should be as simple as editing https://github.com/apache/arrow/blob/master/rust/arrow/Cargo.toml from flatbuffers = "0.5.0" to flatbuffers = "0.6.0".

A more long-term improvement is to add a call to cargo audit in your CI to catch these problems as early as possible.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
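Added example, not code from the Apache Arrow project or from the flatbuffers crate: it models the defect the advisory above names, "Unsound `impl Follow for bool`", as I understand it. A Rust bool may only hold the bit patterns 0 and 1, so reinterpreting an arbitrary buffer byte as a bool is undefined behaviour whenever a flatbuffer from an untrusted source carries any other value; the sound reading derives the bool from a comparison, which is defined for every byte. The `Follow` trait here is a simplified stand-in for the crate's trait (assumption: the real one is more general), and `follow_bool_strict`, `BoolDecodeError` and the sample buffer are my own constructions for the example.

```rust
// Added example (not Apache Arrow or flatbuffers code). Demonstrates the
// difference between an unsound and a sound way of reading a `bool` out of
// an untrusted byte buffer, the class of bug behind RUSTSEC-2019-0028 as I
// understand it.

/// Simplified stand-in for flatbuffers' `Follow` trait (assumption: the real
/// trait is more general): read a value of type `Inner` at offset `loc`.
trait Follow<'a> {
    type Inner;
    fn follow(buf: &'a [u8], loc: usize) -> Self::Inner;
}

/// Vulnerable pattern: reinterpret the raw byte as a `bool`.
/// Shown for comparison only. Calling it on a byte other than 0 or 1 is
/// undefined behaviour, so `main` and the tests never invoke it on the
/// sample buffer's 0x02 / 0xff entries.
struct UnsoundBool;
impl<'a> Follow<'a> for UnsoundBool {
    type Inner = bool;
    fn follow(buf: &'a [u8], loc: usize) -> bool {
        // SAFETY: there is none. Only valid if buf[loc] is exactly 0 or 1,
        // which attacker-controlled input need not respect.
        unsafe { std::mem::transmute::<u8, bool>(buf[loc]) }
    }
}

/// Sound pattern: a comparison is defined for every byte value and
/// normalises any non-zero byte to `true`.
struct SoundBool;
impl<'a> Follow<'a> for SoundBool {
    type Inner = bool;
    fn follow(buf: &'a [u8], loc: usize) -> bool {
        buf[loc] != 0
    }
}

/// Errors for the strict decoder below (my own type, not the crate's).
#[derive(Debug, PartialEq)]
enum BoolDecodeError {
    OutOfBounds { loc: usize, len: usize },
    NonCanonical { loc: usize, byte: u8 },
}

/// Strict variant for parsers that prefer to reject malformed input rather
/// than normalise it: bounds-check the offset (no panic on a short buffer)
/// and accept only the canonical encodings 0 and 1.
fn follow_bool_strict(buf: &[u8], loc: usize) -> Result<bool, BoolDecodeError> {
    match buf.get(loc) {
        None => Err(BoolDecodeError::OutOfBounds { loc, len: buf.len() }),
        Some(0) => Ok(false),
        Some(1) => Ok(true),
        Some(&b) => Err(BoolDecodeError::NonCanonical { loc, byte: b }),
    }
}

/// Constructed sample: four "bool" bytes as a hostile writer might emit them.
const SAMPLE: [u8; 4] = [0x00, 0x01, 0x02, 0xff];

fn main() {
    for loc in 0..SAMPLE.len() {
        println!(
            "loc {}: byte 0x{:02x} -> sound={} strict={:?}",
            loc,
            SAMPLE[loc],
            SoundBool::follow(&SAMPLE, loc),
            follow_bool_strict(&SAMPLE, loc)
        );
    }
    // UnsoundBool::follow(&SAMPLE, 2) would be undefined behaviour; the
    // canonical bytes at offsets 0 and 1 are the only ones it may read.
    println!("unsound on canonical byte: {}", UnsoundBool::follow(&SAMPLE, 1));
}
```

The normalising reader (`!= 0`) is the shape of a fix that keeps existing buffers readable; the strict reader is what I would reach for at a trust boundary, where a non-canonical byte is a signal that the producer is not the one you expect. Neither needs `unsafe`, which is the point: a `Follow`-style accessor over attacker-supplied bytes should never transmute into a type with invalid bit patterns.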