Ignore rocksdb audit error RUSTSEC-2022-0046 #1007

Merged

@notmandatory notmandatory commented Jun 16, 2023

Description

Fixes #1006.

Notes to the reviewers

The compact_filters feature is marked as experimental and we don't use the rocksdb "multiple column families with TTL" feature mentioned in this advisory. Also this feature will be completely reworked for the bdk 1.0 release.

Changelog notice

None

Checklists

All Submissions:

  • I've signed all my commits
  • I followed the contribution guidelines
  • I ran cargo fmt and cargo clippy before committing

Bugfixes:

  • This pull request breaks the existing API
  • I've added tests to reproduce the issue which are now passing
  • I'm linking the issue being fixed by this PR

@notmandatory notmandatory changed the base branch from master to release/0.28 June 16, 2023 03:53
@notmandatory notmandatory marked this pull request as ready for review June 16, 2023 03:53
@notmandatory notmandatory self-assigned this Jun 16, 2023
@notmandatory notmandatory added the bug Something isn't working label Jun 16, 2023
@notmandatory notmandatory added this to the 0.28.1 milestone Jun 16, 2023

junderw commented Jun 16, 2023

Concept ACK

I verified the vulnerability and the fact that the current usage wouldn't trigger it anyways.

Being an experimental feature compounds upon the reasons for the ACK.

@danielabrozzoni danielabrozzoni left a comment

ACK f7d0852 - bdk is not affected by this vulnerability, as we never call rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl()

@notmandatory notmandatory merged commit 07c1ce9 into bitcoindevkit:release/0.28 Jul 19, 2023
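
One way to keep this ignore honest in CI, added here as an example and not part of the PR or the bdk code base: a guard that fails once the source tree starts referencing the TTL API named in the review above. The function names, the sample tree and the script file name are assumptions made for illustration, and the check is a plain text search, so it will not see calls hidden behind macros or re-exports.

```shell
#!/bin/sh
# Added example: CI guard that keeps an advisory ignore justified.
# The ignore for RUSTSEC-2022-0046 rests on one claim from the review:
# the code never calls open_cf_descriptors_with_ttl(). This guard fails
# when that claim stops being true.

TTL_API='open_cf_descriptors_with_ttl'   # symbol named in the review comment

# ttl_api_hits DIR: print file:line:text for every reference to TTL_API in
# .rs files under DIR, skipping lines that consist only of a // comment.
ttl_api_hits() {
    # /dev/null makes grep print the file name even when given one file.
    find "$1" -type f -name '*.rs' -exec grep -n "$TTL_API" /dev/null {} + |
        grep -v -E '^[^:]*:[0-9]+:[[:space:]]*//' || true
}

# ignore_still_justified DIR: return 0 when no reference exists, 1 otherwise.
ignore_still_justified() {
    hits=$(ttl_api_hits "$1")
    if [ -n "$hits" ]; then
        printf 'RUSTSEC-2022-0046 ignore is no longer justified:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# make_sample DIR: constructed sample tree (not the project's sources).
make_sample() {
    mkdir -p "$1/clean/src" "$1/bad/src"
    printf '%s\n' \
        '// open_cf_descriptors_with_ttl is deliberately not used here' \
        'fn open() { let _db = DB::open_cf_descriptors(&opts, path, cfs); }' \
        > "$1/clean/src/store.rs"
    printf '%s\n' \
        'fn open() { let _db = DB::open_cf_descriptors_with_ttl(&opts, path, cfs, ttl); }' \
        > "$1/bad/src/store.rs"
}

# Run as: sh guard.sh path/to/src   (guard.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
    ignore_still_justified "$1"
fi
```

Running this guard in the same job as the audit step means the ignore is re-checked on every change rather than trusted indefinitely.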
Successfully merging this pull request may close these issues.

release/0.28 audit failing due to RUSTSEC-2022-0046.html