RUSTSEC-2025-0007

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2025-0007
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0007.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2025-0007
Withdrawn
2025-02-22T12:00:00Z
Published
2025-02-20T12:00:00Z
Modified
2025-03-06T21:16:59Z
Summary
*ring* is unmaintained
Details

The author has announced an indefinite hiatus in its development, noting that any reported security vulnerabilities may go unaddressed for prolonged periods of time.

Update: security maintenance only

After this advisory was published, the author graciously agreed to give access to the rustls team. The rustls team is committed to providing security (only) maintenance for ring for the foreseeable future.

Update: back to normal

Things are more-or-less back to how they were before, and in particular the situation isn't "security maintenance only."

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / ring

Package

Name
ring
View open source insights on deps.dev
Purl
pkg:cargo/ring

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific 

{
    "affected_functions": null,
    "affects": {
        "arch": [],
        "functions": [],
        "os": []
    }
}

Database specific

categories 
[]
informational 
"unmaintained"
cvss 
null
source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0007.json"