-
Notifications
You must be signed in to change notification settings - Fork 102
Yanked versions
Tom Kaitchuck edited this page Dec 5, 2020
·
8 revisions
Some versions on Crates.io have been yanked. Below is a listing as to why:
- The versions in
0.1.*and0.2.*below0.2.19were yanked due to this issue which caused them to not compile with newer versions of theconst-randompackage. - The versions in
0.3.*that are below0.3.5were yanked due to a subtle quality problem which could in theory be used by an adversary with full control over the input to produce a partial collision of the lower 32 bits of the hash by guessing with a 1 in 4096 chance. This is not likely be usable as a practical attack because aside from the probability, the Rust hashmap implementation by default uses the upper byte to resolve collisions without resorting to an equality comparison. Nevertheless the affected versions were yanked to avoid the possibility. - Versions
0.5.8and0.6.0were yanked due to compile errors when building for certain no-std platforms.