GHSA-p2q9-36vw-c468: olm-sys: wrapped library unmaintained, potentially vulnerable

September 3, 2024

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind.

Users of olm-sys and its higher-level abstraction, olm-rs, are highly encouraged to switch to vodozemac as soon as possible. It is the successor effort to libolm and is written in Rust.

References

github.com/advisories/GHSA-p2q9-36vw-c468
gitlab.gnome.org/BrainBlasted/olm-sys
gitlab.gnome.org/BrainBlasted/olm-sys/-/issues/12
matrix.org/blog/2024/08/libolm-deprecation
rustsec.org/advisories/RUSTSEC-2024-0368.html

Code Behaviors & Features

Detect and mitigate GHSA-p2q9-36vw-c468 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →