GHSA-p2q9-36vw-c468: olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm
were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys
is a thin wrapper around libolm
and is now deprecated and potentially vulnerable in kind.
Users of olm-sys
and its higher-level abstraction, olm-rs
, are highly encouraged to switch to vodozemac
as soon as possible. It is the successor effort to libolm
and is written in Rust.
References
Detect and mitigate GHSA-p2q9-36vw-c468 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →