Dependency security exceptions
Dependency security exceptions
Section titled “Dependency security exceptions”Security advisories are denied by default. An exception is permitted only when the affected operation is unreachable, the boundary is enforced in code and a removal condition is recorded here.
RUSTSEC-2023-0071 (rsa)
Section titled “RUSTSEC-2023-0071 (rsa)”- Introduced by: optional
async-opcuasupport inaether-io. - Risk: the upstream RSA implementation may leak private-key information through a timing side channel.
- Runtime boundary:
aether-ioaccepts only anonymous OPC UA sessions withSecurityPolicy::NoneandMessageSecurityMode::None. Signing, encryption, username/password authentication and sample keypair generation are rejected before an OPC UA client is constructed. - Default exposure: none. The
opcuaCargo feature is disabled by default. - Compensating control: use a trusted, isolated field network or a separately audited OPC UA bridge whenever transport security or authentication is needed.
- Audit policy: both
deny.tomland the CI/localcargo auditinvocation ignore onlyRUSTSEC-2023-0071; every other advisory remains denied. - Removal condition: remove the
cargo-denyandcargo-auditexceptions plus the temporary runtime restriction onceasync-opcuano longer resolves to an affectedrsarelease; then add authenticated and encrypted integration tests before re-enabling those modes. - Review owner: maintainers; review on every
async-opcuaupdate and at least once per release.
This exception preserves protocol interoperability without claiming that the affected cryptographic operations are safe.