alamb commented on issue #786:
URL: 
https://github.com/apache/arrow-rs-object-store/issues/786#issuecomment-4891595702

   I had planned one in August. How I could potentially make one sooner (e.g. 
in July)
   
   > critical security advisories:
   
   FWIW my reading of this advisory is that it takes a while to parse 
pathalogically formed XML documents. quick-xml is used by these crates to parse 
responses from the cloud providers, and I don't expect them to be sending 
malformed responses
   
   In other words, I personally would not rate the RUSTSEC vulnerability as 
critical; See also 
   - https://github.com/rustsec/advisory-db/issues/2572
   
   (but that is just me venting, I know the ecosystem uses this advisory DB and 
I will endeavor to get a new release out shortly)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to