Ignore rocksdb audit error RUSTSEC-2022-0046 #1007

Merged
notmandatory merged 1 commit into bitcoindevkit:release/0.28 from notmandatory:rocksdb_audit_ignore
Jul 19, 2023
notmandatory (Member) commented Jun 16, 2023

Description

Fixes #1006.

Notes to the reviewers

The compact_filters feature is marked as experimental and we don't use the rocksdb "multiple column families with TTL" feature mentioned in this advisory. Also this feature will be completely reworked for the bdk 1.0 release.

Changelog notice

None

Checklists

All Submissions:

  • I've signed all my commits
  • I followed the contribution guidelines
  • I ran cargo fmt and cargo clippy before committing

Bugfixes:

  • This pull request breaks the existing API
  • I've added tests to reproduce the issue which are now passing
  • I'm linking the issue being fixed by this PR

notmandatory changed the base branch from master to release/0.28 June 16, 2023 03:53
notmandatory marked this pull request as ready for review June 16, 2023 03:53
notmandatory force-pushed the rocksdb_audit_ignore branch from 78355c5 to f7d0852 June 16, 2023 03:55
notmandatory self-assigned this Jun 16, 2023
notmandatory added the bug (Something isn't working) label Jun 16, 2023
notmandatory added this to the 0.28.1 milestone Jun 16, 2023

junderw commented Jun 16, 2023

Concept ACK

I verified the vulnerability and the fact that the current usage wouldn't trigger it anyways.

Being an experimental feature compounds upon the reasons for the ACK.

danielabrozzoni (Member) left a comment

ACK f7d0852 - bdk is not affected by this vulnerability, as we never call rocksdb::DBWithThreadMode::open_cf_descriptors_with_ttl()

notmandatory merged commit 07c1ce9 into bitcoindevkit:release/0.28 Jul 19, 2023
notmandatory deleted the rocksdb_audit_ignore branch May 26, 2025 21:40
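
Added example, not part of this pull request or of BDK's code: the ignore is justified in the review by the crate never calling `open_cf_descriptors_with_ttl()`, so a small guard like the one below can fail CI if that identifier ever appears in the crate's own sources outside comments. The function names `strip_comments` and `find_affected_uses` are hypothetical, the sample input is constructed, and the check does not see calls made inside dependencies.

```rust
// Added example: keep an advisory ignore honest by flagging any use of the affected API.
const AFFECTED_API: &str = "open_cf_descriptors_with_ttl"; // name from the review comment

/// Drop `//` and nested `/* */` comments, keeping newlines so line numbers hold.
/// String literals are copied verbatim; raw strings and char literals are not parsed.
fn strip_comments(src: &str) -> String {
    let b: Vec<char> = src.chars().collect();
    let mut out = String::with_capacity(src.len());
    let (mut i, mut depth) = (0usize, 0usize);
    while i < b.len() {
        let two = (b[i], b.get(i + 1).copied());
        if depth == 0 && b[i] == '"' {
            // Copy the whole literal so "//" inside it is not read as a comment.
            let start = i;
            i += 1;
            while i < b.len() && b[i] != '"' { i += if b[i] == '\\' { 2 } else { 1 }; }
            i = (i + 1).min(b.len());
            out.extend(&b[start..i]);
        } else if depth == 0 && two == ('/', Some('/')) {
            while i < b.len() && b[i] != '\n' { i += 1; }
        } else if two == ('/', Some('*')) {
            depth += 1;
            i += 2;
        } else if depth > 0 && two == ('*', Some('/')) {
            depth -= 1;
            i += 2;
        } else {
            if depth == 0 || b[i] == '\n' { out.push(b[i]); }
            i += 1;
        }
    }
    out
}

/// 1-based line numbers where the identifier appears as a whole token outside comments.
fn find_affected_uses(src: &str) -> Vec<usize> {
    let not_ident = |c: char| !(c.is_alphanumeric() || c == '_');
    strip_comments(src)
        .lines()
        .enumerate()
        .filter(|(_, line)| line.split(not_ident).any(|tok| tok == AFFECTED_API))
        .map(|(n, _)| n + 1)
        .collect()
}

fn main() {
    // Constructed sample, not taken from the BDK repository.
    let sample = "// never calls open_cf_descriptors_with_ttl\nlet db = DB::open_cf_descriptors(&o, p, cfs);\n";
    println!("affected uses at lines: {:?}", find_affected_uses(sample));
}
```

A mention inside a string literal is still reported, which errs on the side of a false alarm rather than a missed call.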
Labels

bug Something isn't working

Development

Successfully merging this pull request may close these issues.

release/0.28 audit failing due to RUSTSEC-2022-0046.html

3 participants