Add advisory for logging of access tokens in matrix-sdk (#1444)

rustsec · Oct 24, 2022 · e40084b · e40084b
1 parent 6a42285
commit e40084b
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/crates/matrix-sdk/RUSTSEC-0000-0000.md b/crates/matrix-sdk/RUSTSEC-0000-0000.md
@@ -0,0 +1,18 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "matrix-sdk"
+date = "2022-10-24"
+url = "https://github.com/matrix-org/matrix-rust-sdk/issues/1110"
+
+[versions]
+patched = [">= 0.6.2"]
+unaffected = ["< 0.6.0"]
+```
+
+# matrix-sdk 0.6.0 logs access tokens
+
+When sending Matrix requests using an affected version of `matrix-sdk` in an application that
+writes logs using `tracing-subscriber` (in a way that includes fields of tracing spans such as
+`tracing_subscriber`s default text output from the `fmt` module), these logs will contain the
+user's access token.