Task #8269
closedrust: suppress nugatory RUSTSEC-2026-0009 for time crate
Description
Issue : Cargo audit is reporting security issue with time crate: https://github.com/OISF/suricata/actions/runs/21741599663/job/62718064898?pr=14761
Impact on Suricata : Suricata does not seem to use any of the affected fns (see: https://rustsec.org/advisories/RUSTSEC-2026-0009)
Problem with updating the crate anyway to stay current :
- rust version mismatch: The new time crate depends on a feature (edition2024) that is available since Rust 1.85.0+ ref: https://blog.rust-lang.org/2025/02/20/Rust-1.85.0/#rust-2024
Jason says:
Suppressing the warning is probably better for now. This affects 8.0 as well, and we will not be bumping the MSRV there.
The security advisory is about RFC 2822 parsing, and in 8.0, none of our usages, including those of dependencies.
OT Updated by OISF Ticketbot about 2 months ago
- Subtask #8270 added
OT Updated by OISF Ticketbot about 2 months ago
- Label deleted (
Needs backport to 8.0)
SB Updated by Shivani Bhardwaj about 2 months ago
- Difficulty set to low
SB Updated by Shivani Bhardwaj about 2 months ago
- Related to Task #7745: rust: set new minimum Rust version for Suricata 9.0 added
SB Updated by Shivani Bhardwaj about 2 months ago
- Status changed from Assigned to In Review
PA Updated by Philippe Antoine about 2 months ago
- Status changed from In Review to Resolved
https://github.com/OISF/suricata/pull/14775 fixed this, right ?
PA Updated by Philippe Antoine about 2 months ago
- Status changed from Resolved to Closed