Task #8467: rust: suppress rust audit notice for RUSTSEC-2026-0097 (rand)

Added by Jason Ish 22 days ago. Updated 7 days ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Rand 0.8.5 triggers this cargo audit notice:


Crate:     rand
Version:   0.8.5
Warning:   unsound
Title:     Rand is unsound with a custom logger using `rand::rng()`
Date:      2026-04-09
ID:        RUSTSEC-2026-0097
URL:       https://rustsec.org/advisories/RUSTSEC-2026-0097
Dependency tree:
rand 0.8.5
└── phf_generator 0.10.0
    └── phf_codegen 0.10.0
        └── tls-parser 0.11.0
            └── suricata 9.0.0-dev

Reference: https://rustsec.org/advisories/RUSTSEC-2026-0097

Updating to rand 0.10.0 requires an MSRV of 1.85; however, we can safely suppress this report as the "log" feature is not enabled in our dependency chain.
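The justification above depends on the resolved feature set, so it can be checked mechanically before the advisory is ignored. The following is an added example, not part of the ticket or of the Suricata code base: it reads `cargo metadata --format-version 1` output and confirms that rand 0.8.5 is in the graph with the "log" feature off. The sample data is constructed, and the script name and function names are hypothetical.

```python
import json
import sys

# Constructed sample shaped like `cargo metadata --format-version 1` output,
# trimmed to the fields read below. It is not taken from the Suricata tree.
RAND_ID = "registry+https://github.com/rust-lang/crates.io-index#rand@0.8.5"
PHF_ID = "registry+https://github.com/rust-lang/crates.io-index#phf_generator@0.10.0"
SAMPLE_METADATA = {
    "packages": [
        {"name": "rand", "version": "0.8.5", "id": RAND_ID},
        {"name": "phf_generator", "version": "0.10.0", "id": PHF_ID},
    ],
    "resolve": {
        "nodes": [
            {"id": RAND_ID, "features": ["small_rng"]},
            {"id": PHF_ID, "features": []},
        ]
    },
}


def resolved_features(metadata, crate):
    """Map each resolved version of `crate` to the features Cargo enabled."""
    # Look packages up by id: the id string format differs between Cargo
    # releases, so name and version are read from the package table instead.
    by_id = {p["id"]: p for p in metadata["packages"] if p["name"] == crate}
    resolve = metadata.get("resolve") or {}  # null when --no-deps was used
    return {
        by_id[n["id"]]["version"]: set(n.get("features", []))
        for n in resolve.get("nodes", [])
        if n["id"] in by_id
    }


def suppression_justified(metadata, crate, version, feature):
    """True only if crate@version is in the graph and `feature` is off."""
    features = resolved_features(metadata, crate)
    if version not in features:
        return False  # version gone or graph missing: the ignore is stale
    return feature not in features[version]


if __name__ == "__main__":
    # Usage: cargo metadata --format-version 1 | python3 check_rand_log.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_METADATA
    ok = suppression_justified(data, "rand", "0.8.5", "log")
    print("rand 0.8.5 without 'log':", ok)
    sys.exit(0 if ok else 1)
```

The resolved features reflect the feature flags passed to `cargo metadata`, so run it with the same flags as the shipped build. A failing result means either the feature became enabled through a dependency update or the ignored version is no longer in the tree and the suppression can be dropped.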


Subtasks 1 (0 open, 1 closed)

Task #8476: rust: suppress rust audit notice for RUSTSEC-2026-0097 (rand) (8.0.x backport) | Closed | Jason Ish

Updated by Jason Ish 22 days ago #1

  • Status changed from In Progress to In Review

Updated by Jason Ish 20 days ago #2

  • Status changed from In Review to Closed

Updated by Jason Ish 20 days ago #3

  • Status changed from Closed to New
  • Label Needs backport to 8.0 added

Updated by OISF Ticketbot 20 days ago #4

  • Subtask #8476 added

Updated by OISF Ticketbot 20 days ago #5

  • Label deleted (Needs backport to 8.0)

Updated by Jason Ish 20 days ago #6

  • Status changed from New to Resolved

Updated by Philippe Antoine 7 days ago #7

  • Status changed from Resolved to Closed