Security Advisory for Rustdoc

steveklabnik · July 6, 2018, 7:50pm

We have a security advisory for rustdoc today. Please read and share widely:

scottmcm · July 6, 2018, 8:48pm

The plugin infrastructure predates 1.0 and is not usable on stable or nightly Rust today. Its removal should not impact any Rust users.

Best kind of security bug

Also, kudos for the nicely-phrased "no, Rust doesn't prevent all bugs" paragraph

U007D · July 8, 2018, 12:16am

Love the way this disclosure is being handled. Kudos to everyone involved.

juleskers · July 10, 2018, 11:21am

Excellent handling! Good that you use this low-risk incident as a "dress rehearsal"!

.. Rust’s first official CVE, this is somewhat of a milestone for us ..

I say we print an award certficate, proudly displaying the CVE-number, on heavy cardstock and post it to the RedHat reporter: "I discovered Rust's first official CVE"
(After all, aren't all milestones worth celebrating? )

(btw: This seems like a really good week for Rust, security-wise; first we get the report that the Actix-web-apocalypse has cleaned up practically all their unsafes, and now our first CVE is handled with such finesse; that's quite an examplary performance of the Rust Community!)

Topic		Replies	Views
Rust CVEs - Should I worry?	25	7273	December 3, 2021
Security advisory for standard library announcements	3	598	January 12, 2023
We interviewed 19 Rust developers who regularly use unsafe. Now, we need your help to evaluate what we learned! announcements	6	501	December 25, 2023
Rust presentation ideas community	8	2379	January 12, 2023
PSA: rust-ci.org appears to be defunct; the domain has expired and is redirecting to ads. If you have crates with documentation links pointing there, please use docs.rs instead announcements	4	623	January 12, 2023

Security Advisory for Rustdoc

Related Topics