alamb commented on issue #786: URL: https://github.com/apache/arrow-rs-object-store/issues/786#issuecomment-4891595702
I had planned one in August. How I could potentially make one sooner (e.g. in July) > critical security advisories: FWIW my reading of this advisory is that it takes a while to parse pathalogically formed XML documents. quick-xml is used by these crates to parse responses from the cloud providers, and I don't expect them to be sending malformed responses In other words, I personally would not rate the RUSTSEC vulnerability as critical; See also - https://github.com/rustsec/advisory-db/issues/2572 (but that is just me venting, I know the ecosystem uses this advisory DB and I will endeavor to get a new release out shortly) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
