Task #8269
closedrust: suppress nugatory RUSTSEC-2026-0009 for time crate
Description
Issue : Cargo audit is reporting security issue with time crate: https://github.com/OISF/suricata/actions/runs/21741599663/job/62718064898?pr=14761
Impact on Suricata : Suricata does not seem to use any of the affected fns (see: https://rustsec.org/advisories/RUSTSEC-2026-0009)
Problem with updating the crate anyway to stay current :
- rust version mismatch: The new time crate depends on a feature (edition2024) that is available since Rust 1.85.0+ ref: https://blog.rust-lang.org/2025/02/20/Rust-1.85.0/#rust-2024
Jason says:
Suppressing the warning is probably better for now. This affects 8.0 as well, and we will not be bumping the MSRV there.
The security advisory is about RFC 2822 parsing, and in 8.0, none of our usages, including those of dependencies.
Updated by OISF Ticketbot about 1 month ago
- Label deleted (
Needs backport to 8.0)
Updated by Shivani Bhardwaj about 1 month ago
- Related to Task #7745: rust: set new minimum Rust version for Suricata 9.0 added
Updated by Shivani Bhardwaj about 1 month ago
- Status changed from Assigned to In Review
Updated by Philippe Antoine 30 days ago
- Status changed from In Review to Resolved
https://github.com/OISF/suricata/pull/14775 fixed this, right ?