- Reported
- Issued
- Package: serde_yml (crates.io)
- Type: INFO Unsound
- References
- Patched: no patched versions
Description
Using serde_yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound.
The GitHub project for serde_yml was archived after unsoundness issues were raised.
If you rely on this crate, it is highly recommended to switch to a maintained alternative.
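
To check whether a project relies on this crate, including through other dependencies, the following added example (not part of the advisory or of any RustSec tooling) walks a Cargo.lock and lists every package that pulls in serde_yml. The lock excerpt, the package names app and config-loader, and the function names are constructed for illustration.

```rust
use std::collections::BTreeSet;

// Constructed Cargo.lock excerpt, trimmed to the fields read below; 0.0.0 is a placeholder.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "app"
dependencies = [
 "config-loader",
]
[[package]]
name = "config-loader"
dependencies = [
 "serde_yml 0.0.0",
]
[[package]]
name = "serde_yml"
"#;

/// (package, dependency) name pairs from the `[[package]]` tables of a Cargo.lock.
fn lock_edges(lock: &str) -> Vec<(String, String)> {
    let (mut edges, mut current, mut in_deps) = (Vec::new(), None::<String>, false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("name = ") {
            current = Some(name.trim_matches('"').to_string());
        } else if line.starts_with("dependencies = [") || line.starts_with(']') {
            in_deps = line.ends_with('[');
        } else if let (true, Some(pkg)) = (in_deps, &current) {
            // Entries are "name", "name version" or "name version (source)".
            let entry = line.trim_matches(|c: char| c == '"' || c == ',');
            edges.extend(entry.split_whitespace().next().map(|d| (pkg.clone(), d.to_string())));
        }
    }
    edges
}

/// Packages that reach `target` through their dependencies, directly or transitively.
fn dependents_of(lock: &str, target: &str) -> BTreeSet<String> {
    let edges = lock_edges(lock);
    let (mut found, mut queue) = (BTreeSet::new(), vec![target.to_string()]);
    while let Some(node) = queue.pop() {
        let parents = edges.iter().filter(|(_, dep)| *dep == node).map(|(pkg, _)| pkg.clone());
        queue.extend(parents.filter(|pkg| found.insert(pkg.clone())));
    }
    found
}

fn main() {
    println!("serde_yml reaches the build via {:?}", dependents_of(SAMPLE_LOCK, "serde_yml"));
}
```

Inside a checked-out workspace, cargo tree -i serde_yml reports the same reverse dependency paths using Cargo itself.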
Recommended alternatives
- serde_norway - Maintained fork of serde_yaml, using unsafe-libyaml-norway
- serde_yaml_ng - Maintained fork of serde_yaml, using unmaintained unsafe-libyaml
Incomplete pure Rust alternatives
These implementations do not rely on C libyaml.
Advisory available under CC0-1.0 license.