Description
cargo audit reports bincode v1.3.3 as unmaintained (RUSTSEC-2025-0141). The crate is used extensively throughout ApexStore for serializing WAL records, SSTable metadata, and more.
Impact
- No security fixes for future vulnerabilities in bincode
- No performance improvements
- Risk of relying on unmaintained serialization in a storage engine
Recommendation
Evaluate replacements:
bincode v2.x (if stable)postcard (no_std, binary, fast)msgpack via rmp-serde- Custom compact encoding for WAL/SSTable formats
Severity
Medium — no known vulnerability in current bincode version, but unmaintained status is a risk.
Labels
Description
cargo auditreportsbincodev1.3.3 as unmaintained (RUSTSEC-2025-0141). The crate is used extensively throughout ApexStore for serializing WAL records, SSTable metadata, and more.Impact
Recommendation
Evaluate replacements:
bincodev2.x (if stable)postcard(no_std, binary, fast)msgpackviarmp-serdeSeverity
Medium — no known vulnerability in current bincode version, but unmaintained status is a risk.
Labels