Project

General

Profile

Actions
Copy link

Task #8269

open

rust: suppress nugatory RUSTSEC-2026-0009 for time crate

Added by Shivani Bhardwaj 2 days ago. Updated 1 day ago.

Status:
In Review
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
9.0.0-beta1
Effort:
Difficulty:
low
Label:

Description

Issue : Cargo audit is reporting security issue with time crate: https://github.com/OISF/suricata/actions/runs/21741599663/job/62718064898?pr=14761

Impact on Suricata : Suricata does not seem to use any of the affected fns (see: https://rustsec.org/advisories/RUSTSEC-2026-0009)

Problem with updating the crate anyway to stay current :

- rust version mismatch: The new time crate depends on a feature (edition2024) that is available since Rust 1.85.0+ ref: https://blog.rust-lang.org/2025/02/20/Rust-1.85.0/#rust-2024

Jason says:

Suppressing the warning is probably better for now. This affects 8.0 as well, and we will not be bumping the MSRV there.

The security advisory is about RFC 2822 parsing, and in 8.0, none of our usages, including those of dependencies.

Subtasks 1 (1 open0 closed)

Task #8270: rust: suppress nugatory RUSTSEC-2026-0009 for time crate (8.0.x backport)AssignedShivani BhardwajActions

Related issues 1 (1 open0 closed)

Related to Suricata - Task #7745: rust: set new minimum Rust version for Suricata 9.0NewOISF DevActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 2 days ago

  • Subtask #8270 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 2 days ago

  • Label deleted (Needs backport to 8.0)
Actions
Copy link
 #3

Updated by Shivani Bhardwaj 1 day ago

  • Difficulty set to low
Actions
Copy link
 #4

Updated by Shivani Bhardwaj 1 day ago

  • Related to Task #7745: rust: set new minimum Rust version for Suricata 9.0 added
Actions
Copy link
 #5

Updated by Shivani Bhardwaj 1 day ago

  • Status changed from Assigned to In Review
Actions
Copy link

Also available in: Atom PDF