Summary of Bug
OpenSSL released a security advisory on November 1st which contains two CVEs with severity HIGH.
While Hermes is mostly using the Rustls TLS implementation which is not affected, we should ensure that we do not depend on OpenSSL at all to avoid opening up the door for such vulnerabilities in the future.
At the moment, only the ibc-chain-registry transitively depends on OpenSSL on Linux via the reqwest crate which is used to fetch data from the chain registry on GitHub.
Version
master
Steps to Reproduce
Either on Linux or with the x86_64-unknown-linux-gnu toolchain installed:
Acceptance Criteria
The commands above do not mention openssl, openssl-sys nor native-tls.
For Admin Use
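One way to enforce the acceptance criteria in CI, as an added example that is not from the issue or the Hermes code base: it parses Cargo.lock text and reports the shortest dependency chain from a root crate to any of openssl, openssl-sys or native-tls. The lockfile excerpt, the 0.0.0 version and the function names are constructed for illustration.

```rust
use std::collections::{HashMap, HashSet, VecDeque};
// Crates the acceptance criteria rule out.
const BANNED: [&str; 3] = ["openssl", "openssl-sys", "native-tls"];
// Constructed, trimmed Cargo.lock excerpt (not Hermes' real lockfile).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "ibc-chain-registry"
dependencies = [
 "reqwest",
]
[[package]]
name = "reqwest"
dependencies = [
 "native-tls 0.0.0",
 "rustls",
]
"#;

/// Crate name -> direct dependency names; versions of one crate are merged.
fn parse_lock(lock: &str) -> HashMap<&str, Vec<&str>> {
    let mut graph: HashMap<&str, Vec<&str>> = HashMap::new();
    for block in lock.split("[[package]]").skip(1) {
        let mut lines = block.lines().map(str::trim);
        let name = lines.find_map(|l| l.strip_prefix("name = ")).unwrap_or("").trim_matches('"');
        // Entries look like "rustls", or "native-tls 0.0.0",: keep only the name.
        let deps = lines.skip_while(|l| *l != "dependencies = [").skip(1).take_while(|l| *l != "]")
            .filter_map(|l| l.trim_matches(|c: char| c == '"' || c == ',').split_whitespace().next());
        graph.entry(name).or_default().extend(deps);
    }
    graph
}

/// Shortest chain from `root` to each banned crate reachable from it (BFS).
fn banned_paths<'a>(graph: &HashMap<&'a str, Vec<&'a str>>, root: &'a str) -> Vec<Vec<&'a str>> {
    let (mut seen, mut found) = (HashSet::from([root]), Vec::new());
    let mut queue = VecDeque::from([vec![root]]);
    while let Some(path) = queue.pop_front() {
        let node = path[path.len() - 1];
        for &dep in graph.get(node).into_iter().flatten() {
            if seen.insert(dep) { queue.push_back([&path[..], &[dep][..]].concat()); }
        }
        if BANNED.contains(&node) { found.push(path); }
    }
    found
}

fn main() {
    println!("{:?}", banned_paths(&parse_lock(SAMPLE_LOCK), "ibc-chain-registry"));
}
```

Cargo.lock records dependencies for every platform, so this check is stricter than a target-specific one: it also flags a banned crate that is only pulled in on a target other than Linux.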