[SECURITY] bump to sqlx 0.7.0 #1753
Assignees
Comments
Merged
1 task
|
Hey @Elizafox, thanks for the report!! We're aware of the issue and will be be upgraded to SQLx v0.7 |
|
Awesome. I didn't see a report, so I reported it. |
|
Awesome. Can we expect a crate release today? 🙏 |
|
Please do not push for a release. At the same time we are doing our best. You can use |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
libsqlite3-sys has a high severity security advisory. sqlx depends on libsqlite3-sys for sqlite support.
The fix has landed in sqlx 0.7.0: launchbadge/sqlx#2387
The sqlx dependency must be updated to fix the issue.
Workarounds
Avoiding huge (billions of character) inputs should prevent triggering the security issue. Sanitising potentially large inputs before passing them to SeaORM should prevent the problem.
Versions
HEAD, and all released supported versions.
The text was updated successfully, but these errors were encountered: