Task #8467: rust: suppress rust audit notice for RUSTSEC-2026-0097 (rand)

Added by Jason Ish 1 day ago. Updated 1 day ago.

Status: In Review
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Rand 0.8.5 triggers this cargo audit notice:


Crate:     rand
Version:   0.8.5
Warning:   unsound
Title:     Rand is unsound with a custom logger using `rand::rng()`
Date:      2026-04-09
ID:        RUSTSEC-2026-0097
URL:       https://rustsec.org/advisories/RUSTSEC-2026-0097
Dependency tree:
rand 0.8.5
└── phf_generator 0.10.0
    └── phf_codegen 0.10.0
        └── tls-parser 0.11.0
            └── suricata 9.0.0-dev

Reference: https://rustsec.org/advisories/RUSTSEC-2026-0097

Updating to rand 0.10.0 requires an MSRV of 1.85; however, we can safely suppress this report as the "log" feature is not enabled in our dependency chain.
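
A CI guard for the condition the suppression relies on, as an added example (not code from this ticket or from the Suricata tree): it reads `cargo metadata --format-version 1` output and reports any resolved `rand` package that has the `log` feature enabled. The function names, the package ids and the sample metadata are constructed for illustration.

```python
import json
import sys

ADVISORY_CRATE = "rand"  # crate named in RUSTSEC-2026-0097
RISKY_FEATURE = "log"    # feature the ticket says is not enabled

# Constructed sample in the shape of `cargo metadata --format-version 1`,
# trimmed to the fields read below. Not real output from the Suricata tree.
SAMPLE_METADATA = json.dumps({
    "packages": [
        {"id": "pkg-rand", "name": "rand", "version": "0.8.5"},
        {"id": "pkg-phf-generator", "name": "phf_generator", "version": "0.10.0"},
    ],
    "resolve": {"nodes": [
        {"id": "pkg-rand", "features": ["small_rng"]},
        {"id": "pkg-phf-generator", "features": []},
    ]},
})


def crates_with_feature(metadata_json, crate, feature):
    """Return 'name version' for each resolved copy of `crate` with `feature` on."""
    meta = json.loads(metadata_json)
    by_id = {p["id"]: p for p in meta.get("packages", [])}
    # "resolve" is null when cargo metadata is run with --no-deps.
    nodes = (meta.get("resolve") or {}).get("nodes", [])
    hits = []
    for node in nodes:
        pkg = by_id.get(node["id"])
        if pkg and pkg["name"] == crate and feature in node.get("features", []):
            hits.append(f"{pkg['name']} {pkg['version']}")
    return sorted(hits)


def suppression_still_valid(metadata_json):
    """True while no resolved rand has the log feature enabled."""
    return not crates_with_feature(metadata_json, ADVISORY_CRATE, RISKY_FEATURE)


if __name__ == "__main__":
    # CI usage: cargo metadata --format-version 1 | python3 this_script.py
    data = SAMPLE_METADATA if sys.stdin.isatty() else sys.stdin.read()
    hits = crates_with_feature(data, ADVISORY_CRATE, RISKY_FEATURE)
    for hit in hits:
        print(f"{hit} enables '{RISKY_FEATURE}': re-evaluate the suppression")
    sys.exit(1 if hits else 0)
```

Run next to `cargo audit`, a non-zero exit flags a dependency update that turns the feature on while the advisory is still ignored.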
