Skip to content

v0.12.1 — security/robustness patch

Latest
Latest

Choose a tag to compare

View all tags
@fastrevmd-lab fastrevmd-lab released this 20 Jun 02:48
· 1 commit to main since this release
v0.12.1
5aa409f

Security and robustness patch for rustnetconf (0.12.1) and rustnetconf-cli (0.3.1). No API changes.

Fixes

  • Well-formed reconstructed XML: the RPC reply parser now re-escapes decoded entities (&, <, >) when reconstructing <data>, error-info, and Junos inner content. Previously unescape()-decoded text was re-emitted raw, which could yield malformed XML for device data containing special characters. Covered by new regression tests.
  • Cleared yanked dependency: bumped russh 0.60 → 0.61 and aes to 0.9.1, clearing the cargo audit yanked-crate warning.
  • Non-Unix state-file safety: on non-Unix platforms (no portable chmod), netconf now warns that saved state snapshots are not guaranteed owner-only, since snapshots may contain sensitive device config.

crates.io

  • rustnetconf 0.12.1
  • rustnetconf-cli 0.3.1
  • rustnetconf-yang 0.1.3 (unchanged)
Assets 2
Loading