Security Fix Summary (2026-02-12)
Scope
- This document records only issues that have already been fixed.
- Unresolved vulnerabilities are intentionally not listed here.
==================================================================
1) High-Risk IP Spoofing via Forwarded Headers (Fixed)
==================================================================
Problem
- Client IP extraction previously trusted forwarded headers in unsafe cases.
- This could allow spoofed IP values to affect IP-based controls (for example, per-IP SSE limits and Daily ID behavior).
Fix
- Implemented fail-closed logic in:
  - src/handlers/thread_handler.rs
- New behavior:
  - Forwarded headers are trusted only when:
    1) TRUST_PROXY_CIDRS is configured, and
    2) the immediate peer IP is inside a trusted proxy CIDR.
- Added operational warning log when TRUST_PROXY_CIDRS is empty:
  - src/main.rs
- Added regression/behavior tests:
  - src/handlers/thread_handler.rs
    - empty_trusted_proxy_list_ignores_spoofed_xff
    - non_trusted_peer_ignores_spoofed_xff_when_trusted_proxy_list_is_configured
    - trusted_peer_uses_forwarded_ip
Verification
- cargo test -q (passed)
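The fail-closed rule recorded above, shown as an added illustration written for this summary; it is not the project's code from src/handlers/thread_handler.rs and uses hypothetical names (Cidr, parse_trusted_proxies, client_ip). It assumes TRUST_PROXY_CIDRS is a comma-separated list of CIDR blocks and, because the summary does not state which X-Forwarded-For element the project selects, walks the header from the right and takes the first address that is not itself a trusted proxy. The three listed test cases (empty list, untrusted peer, trusted peer) are exercised on constructed addresses.

```rust
use std::net::IpAddr;

/// One CIDR block from TRUST_PROXY_CIDRS, e.g. "10.0.0.0/8" or "fd00::/8".
/// Hypothetical helper type: the project's own parsing is not shown in the summary.
#[derive(Debug, Clone, Copy)]
pub struct Cidr {
    addr: IpAddr,
    prefix: u8,
}

impl Cidr {
    /// Parse "addr/prefix"; a bare address is treated as a single-host block.
    pub fn parse(s: &str) -> Option<Cidr> {
        let (addr_s, pfx_s) = s.trim().split_once('/').unwrap_or((s.trim(), ""));
        let addr: IpAddr = addr_s.trim().parse().ok()?;
        let max: u8 = if addr.is_ipv4() { 32 } else { 128 };
        let prefix: u8 = if pfx_s.is_empty() { max } else { pfx_s.trim().parse().ok()? };
        if prefix > max {
            return None;
        }
        Some(Cidr { addr, prefix })
    }

    /// True when `ip` lies inside this block; mixed address families never match.
    pub fn contains(&self, ip: IpAddr) -> bool {
        match (self.addr, ip) {
            (IpAddr::V4(net), IpAddr::V4(host)) => {
                let mask: u32 = if self.prefix == 0 { 0 } else { u32::MAX << (32 - self.prefix) };
                (u32::from(net) & mask) == (u32::from(host) & mask)
            }
            (IpAddr::V6(net), IpAddr::V6(host)) => {
                let mask: u128 = if self.prefix == 0 { 0 } else { u128::MAX << (128 - self.prefix) };
                (u128::from(net) & mask) == (u128::from(host) & mask)
            }
            _ => false,
        }
    }
}

/// Parse the TRUST_PROXY_CIDRS value (comma-separated). Unset or empty yields an empty
/// list; any malformed entry rejects the whole value (None) so a typo cannot silently
/// widen or narrow the trusted set.
pub fn parse_trusted_proxies(env_value: Option<&str>) -> Option<Vec<Cidr>> {
    env_value
        .unwrap_or("")
        .split(',')
        .map(str::trim)
        .filter(|s| !s.is_empty())
        .map(Cidr::parse)
        .collect()
}

/// Fail-closed client IP resolution. `peer` is the address of the TCP peer that actually
/// connected; `xff` is the raw X-Forwarded-For value, if the request carried one.
pub fn client_ip(peer: IpAddr, xff: Option<&str>, trusted: &[Cidr]) -> IpAddr {
    let is_trusted = |ip: IpAddr| trusted.iter().any(|c| c.contains(ip));
    // Rule 1: TRUST_PROXY_CIDRS must be configured (non-empty list).
    // Rule 2: the immediate peer must be inside one of those blocks.
    // Otherwise the header is ignored entirely and the peer address is used.
    if trusted.is_empty() || !is_trusted(peer) {
        return peer;
    }
    let header = match xff {
        Some(h) => h,
        None => return peer,
    };
    // Assumption (not stated in the summary): walk the chain from the right, skip trusted
    // proxies, and take the first untrusted address; leftmost elements are client-supplied
    // and are never used directly.
    for entry in header.rsplit(',') {
        match entry.trim().parse::<IpAddr>() {
            Ok(ip) if is_trusted(ip) => continue,
            Ok(ip) => return ip,
            Err(_) => return peer, // malformed element: fail closed to the peer address
        }
    }
    peer
}

fn main() {
    // Stand-alone run on constructed values; mirrors the warning log described above.
    let trusted = parse_trusted_proxies(std::env::var("TRUST_PROXY_CIDRS").ok().as_deref())
        .expect("TRUST_PROXY_CIDRS contains a malformed CIDR");
    if trusted.is_empty() {
        eprintln!("warning: TRUST_PROXY_CIDRS is empty; forwarded headers will be ignored");
    }
    let peer: IpAddr = "203.0.113.7".parse().unwrap();
    println!("{}", client_ip(peer, Some("198.51.100.9"), &trusted));
}
```

Rejecting the whole TRUST_PROXY_CIDRS value on a single malformed entry is deliberate: a partially parsed list would still fail closed, but the operator would not learn that a proxy they meant to trust is being ignored until forwarded addresses silently stop being honoured.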
==================================================================
2) RUSTSEC-2026-0007 (bytes) Integer Overflow in BytesMut::reserve (Fixed)
==================================================================
Problem
- Advisory: https://github.com/advisories/GHSA-434x-w66g-qw3r
- Affected dependency version was bytes 1.11.0.
Fix
- Upgraded bytes to 1.11.1:
  - Cargo.lock (bytes 1.11.1)
- Added regression test:
  - tests/bytes_reserve_overflow_regression.rs
    - reserve_overflow_panics
Verification
- cargo test --release -q reserve_overflow_panics (passed)
- cargo audit check confirmed this advisory is no longer reported.
==================================================================
3) RUSTSEC-2024-0363 (sqlx) Binary Protocol Misinterpretation (Fixed)
==================================================================
Problem
- Advisory: https://rustsec.org/advisories/RUSTSEC-2024-0363
- Project dependency was sqlx 0.7.4.
Fix
- Updated sqlx requirement in:
  - Cargo.toml (version requirement set to the 0.8.1 line)
- Resolved lockfile to sqlx 0.8.6:
  - Cargo.lock
Verification
- cargo test -q (passed)
- cargo audit check confirmed this advisory is no longer reported.
==================================================================
4) RUSTSEC-2026-0009 (time) DoS via Stack Exhaustion (Fixed)
==================================================================
Problem
- Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
- Affected dependency version was time 0.3.46 (transitive).
Fix
- Upgraded time to 0.3.47:
  - Cargo.lock (time 0.3.47)
- time-macros was also updated by the resolver:
  - Cargo.lock (time-macros 0.2.27)
Verification
- cargo test -q (passed)
- cargo audit check confirmed this advisory is no longer reported.
==================================================================
Documentation Sync Completed
==================================================================
- SECURITY_HIGH_RISK_FINDINGS.md
  - Updated to English.
  - Includes implemented remediation details for the forwarded-header spoofing issue.
- SECURITY_CVE_AUDIT_REPORT.md
  - Updated with fixed-advisory records and remediation details for the completed fixes above.