Update rand advisory to include an additional patched version.#2795
Merged
djc merged 1 commit intorustsec:mainfrom Apr 17, 2026
Merged
Update rand advisory to include an additional patched version.#2795djc merged 1 commit intorustsec:mainfrom
djc merged 1 commit intorustsec:mainfrom
Conversation
The fix was backported to the 0.8 branch and released as version 0.8.6. Update the advisory to indicate that this version is also safe.
nwalfield
force-pushed
the
rand/update-rand
branch
from
a7b56a0 to
52bab4c
Compare
djc
approved these changes
Apr 17, 2026
Contributor
Author
|
Thanks @djc for the quick reaction. |
Member
|
Thanks! (Separately I'm curious to hear more about why you need OpenSSL support for Hickory in Sequoia -- a quick search found https://gitlab.com/sequoia-pgp/sequoia/-/work_items/1133 but that seems to be talking about the other direction...) |
Contributor
Author
|
The short answer is that some of our downstreams prefer OpenSSL to AWS-LC or ring. @decathorpe documented the Fedora and RHEL position here quite well, I think: hickory-dns/hickory-dns#3452 . (I'm happy to continue the discussion, but perhaps this is not the right place.) |
Member
|
(I'm djc on GitLab as well if you want to tag me in an issue over there.) |
Contributor
This part needs updating too: #2796 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The fix was backported to the 0.8 branch and released as version 0.8.6. Update the advisory to indicate that this version is also safe.
For details, please see rust-random/rand#1772 and rust-random/rand#1770 .