Wasmtime GitHub notifications bot (Mar 25 2026 at 12:42): Wasmtime GitHub notifications bot (Mar 25 2026 at 12:42):tomasol requested pchickey for a review on PR #12837.
Wasmtime GitHub notifications bot (Mar 25 2026 at 12:42):tomasol opened PR #12837 from tomasol:update-rustls to bytecodealliance:main:
This updates
rustls-webpkifrom 0.102.x, which is vulnerable to incorrect CRL distribution point matching (RUSTSEC-2026-0049), to 0.103.10.This is causing
rustsec/audit-checkCI to fail. The vulnerability is hard to exploit in practice as it requires compromising a trusted CA
Wasmtime GitHub notifications bot (Mar 25 2026 at 12:42):tomasol requested wasmtime-default-reviewers for a review on PR #12837.
Wasmtime GitHub notifications bot (Mar 25 2026 at 12:43):tomasol updated PR #12837.
Wasmtime GitHub notifications bot (Mar 25 2026 at 12:45):tomasol edited PR #12837:
This updates
rustls-webpkifrom 0.102.x, which is vulnerable to incorrect CRL distribution point matching (RUSTSEC-2026-0049), to 0.103.10.This is causing
rustsec/audit-checkCI in downstream projects to fail. The vulnerability is hard to exploit in practice as it requires compromising a trusted CA
Wasmtime GitHub notifications bot (Mar 25 2026 at 13:14):tomasol updated PR #12837.
Wasmtime GitHub notifications bot (Mar 25 2026 at 13:59):tomasol updated PR #12837.
Wasmtime GitHub notifications bot (Mar 26 2026 at 16:23):fitzgen edited PR #12837:
This updates
rustls-webpkifrom 0.102.x, which is vulnerable to incorrect CRL distribution point matching (RUSTSEC-2026-0049), to 0.103.10.This is causing
rustsec/audit-checkCI in downstream projects to fail. The vulnerability is hard to exploit in practice as it requires compromising a trusted CAFixes https://github.com/bytecodealliance/wasmtime/issues/12814
Wasmtime GitHub notifications bot (Mar 26 2026 at 21:11):pchickey commented on PR #12837:
This has passed my code review but needs https://github.com/tomasol/wasmtime/pull/1 to be merged into the PR before it can passed CI and can be signed off and merged here.
Wasmtime GitHub notifications bot (Mar 26 2026 at 21:26):tomasol updated PR #12837.
Wasmtime GitHub notifications bot (Mar 26 2026 at 21:28):tomasol commented on PR #12837:
Done!
Wasmtime GitHub notifications bot (Mar 26 2026 at 21:28):pchickey submitted PR review.
Wasmtime GitHub notifications bot (Mar 26 2026 at 21:28):pchickey has enabled auto merge for PR #12837.
Wasmtime GitHub notifications bot (Mar 26 2026 at 21:40):pchickey added PR #12837 Update tokio-rustls to 0.26.4, rustls to 0.23 to the merge queue.
Wasmtime GitHub notifications bot (Mar 26 2026 at 22:04):pchickey merged PR #12837.
Wasmtime GitHub notifications bot (Mar 26 2026 at 22:04):pchickey removed PR #12837 Update tokio-rustls to 0.26.4, rustls to 0.23 from the merge queue.
Last updated: Apr 12 2026 at 23:10 UTC