Reported

March 5, 2025

Issued

March 7, 2025

Package

ring (crates.io)

Type

INFO Unmaintained

References

• https://github.com/briansmith/ring/discussions/2450

Patched

no patched versions

Unaffected

• >=0.17

Description

ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc.

Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes.

Advisory available under CC0-1.0 license.