Security Advisory for Rustdoc

steveklabnik · July 6, 2018, 7:50pm

We have a security advisory for rustdoc today. Please read and share widely:

scottmcm · July 6, 2018, 8:48pm

The plugin infrastructure predates 1.0 and is not usable on stable or nightly Rust today. Its removal should not impact any Rust users.

Best kind of security bug

Also, kudos for the nicely-phrased "no, Rust doesn't prevent all bugs" paragraph

U007D · July 8, 2018, 12:16am

Love the way this disclosure is being handled. Kudos to everyone involved.

juleskers · July 10, 2018, 11:21am

Excellent handling! Good that you use this low-risk incident as a "dress rehearsal"!

.. Rust’s first official CVE, this is somewhat of a milestone for us ..

I say we print an award certficate, proudly displaying the CVE-number, on heavy cardstock and post it to the RedHat reporter: "I discovered Rust's first official CVE"
(After all, aren't all milestones worth celebrating? )

(btw: This seems like a really good week for Rust, security-wise; first we get the report that the Actix-web-apocalypse has cleaned up practically all their unsafes, and now our first CVE is handled with such finesse; that's quite an examplary performance of the Rust Community!)

Topic		Replies	Views
Rust CVEs - Should I worry?	25	8328	December 3, 2021
Security advisory for standard library announcements	3	619	January 12, 2023
We interviewed 19 Rust developers who regularly use unsafe. Now, we need your help to evaluate what we learned! announcements	6	586	December 25, 2023
Security advisories for April 2020: rustqlite, os_str_bytes, flatbuffers announcements	6	813	August 11, 2020
Rust presentation ideas community	8	2524	January 12, 2023

Security Advisory for Rustdoc

Related topics