blockbook: update Rust crate tokio-tungstenite to 0.20.0
Previous `tokio-tungstenite` versions depend transitively
on `webpki` which is vulnerable to CPU denial of service
attacks [1].

[1] https://rustsec.org/advisories/RUSTSEC-2023-0052
toxeus committed Aug 23, 2023
1 parent e7c0e3e commit ffb22eb
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Allowed a `blockbook::TransactionSpecific` to be converted into a `bitcoin::Transaction`.
- Renamed both rest and websocket clients from `Blockbook` to `Client`.
- Renamed `blockbook::Client::send_transaction` to `blockbook::Client::broadcast_transaction`.
- Bumped `tokio-tungstenite` to version 0.20.0 that is not vulnerable to
https://rustsec.org/advisories/RUSTSEC-2023-0052 via the `webpki` crate.

## 0.1.0

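Review bot: the added bullet puts a security fix in the same list as the API renames above it and gives the advisory as a bare URL. A separate security heading for this item would make it easier for downstream users to spot, and the URL could be written as a Markdown link in the same style as the Semantic Versioning link in the file's preamble. The phrase "version 0.20.0 that is not vulnerable to" would also be clearer if it said, as the commit message does, that earlier versions depended transitively on the affected `webpki` crate.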
2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -22,7 +22,7 @@ serde = { version = "1", features = ["derive"] }
serde_json = "1"
thiserror = "1"
tokio = { version = "1", features = [ "macros" ] }
tokio-tungstenite = { version = "0.18", features = [ "rustls-tls-webpki-roots" ] }
tokio-tungstenite = { version = "0.20", features = [ "rustls-tls-webpki-roots" ] }
tracing = { version = "0.1", default-features = false }
url = "2"
uuid = { version = "1", features = [ "serde", "v4" ] }
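Review bot: the `tokio-tungstenite` requirement moves from "0.18" to "0.20", but the commit changes only CHANGELOG.md and Cargo.toml, so nothing here shows that `webpki` has actually left the resolved dependency tree. Since the fix concerns a transitive dependency, it is worth confirming with `cargo tree -i webpki` and running `cargo audit` in CI so that a later dependency change cannot bring the advisory back unnoticed. The bump also skips 0.19 and crosses two 0.x minor versions, which Cargo treats as incompatible releases, so a line in the commit message saying the websocket client builds and passes its tests unchanged would help.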