From fce9f1cbf17814023704cc17712343b6774b4842 Mon Sep 17 00:00:00 2001
From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com>
Date: Tue, 30 Jun 2026 17:48:42 +0200
Subject: [PATCH] fix(audit): bump quinn-proto + ignore rmcp DNS-rebinding advisory

Two new RUSTSEC advisories landed between 2026-06-18 and 2026-06-30 that started failing every PR's `cargo audit` step:
- RUSTSEC-2026-0185 (quinn-proto 0.11.14): remote memory exhaustion via unbounded out-of-order stream reassembly. Patched in 0.11.15 (semver- compatible). `cargo update -p quinn-proto`, no API change.
- RUSTSEC-2026-0189 (rmcp 0.16.0): DNS rebinding in Streamable HTTP server transport due to missing Host-header validation. Patched in rmcp >= 1.4.0, which is a major API jump from our pin (rmcp shipped 0.x -> 1.x -> 2.x in three months and the migration touches every tool handler + the auth middleware just landed in #92). Added to ignore with justification: our MCP server is exposed at a public hostname behind orca's TLS-terminating ingress with per-tenant bearer auth. The attack model (browser DNS-rebinding into a victim's localhost MCP server) doesn't apply to a public-hostname deployment. Defense-in-depth Host-header validation remains worthwhile, tracked as a multi-hour M7.3 follow-up to migrate rmcp 0.16 -> 2.x. Unblocks #96 and #94.
---
 .cargo/audit.toml | 13 +++++++++++++
 Cargo.lock | 4 ++--
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index e183aab..9b47028 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -7,4 +7,17 @@ ignore = [
 # not a realistic attack surface here. Revisit when mongodb bumps hickory.
 "RUSTSEC-2026-0118", # NSEC3 loop, no fix available upstream
 "RUSTSEC-2026-0119", # O(n²) name compression, fixed in hickory-proto >=0.26.1
+
+ # rmcp 0.16.0 — DNS rebinding in Streamable HTTP server transport (missing
+ # Host header validation). Patched in rmcp >= 1.4.0, which is a major API
+ # version jump from our pin; rmcp shipped 0.x → 1.x → 2.x in three months
+ # and the migration touches every tool handler + the auth middleware we
+ # just landed in #92. Threat model in our deployment: the MCP server is
+ # exposed at a public hostname (comp-mcp-dev.meghsakha.com) behind orca's
+ # TLS-terminating ingress with per-tenant bearer auth — the attack model
+ # (browser DNS-rebinding into localhost MCP server) doesn't directly apply.
+ # Defense-in-depth Host-header check is still a worthwhile follow-up.
+ # FOLLOW-UP: bump rmcp to 2.x in a dedicated PR (M7.3 follow-up, sized
+ # multi-hour due to API surface change).
+ "RUSTSEC-2026-0189",
 ]
diff --git a/Cargo.lock b/Cargo.lock
index d892731..fe8a944 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4282,9 +4282,9 @@ dependencies = [
 
 [[package]]
 name = "quinn-proto"
-version = "0.11.14"
+version = "0.11.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
+checksum = "4fcb935c5bec503c2f0e306bdd3e58bb9029dcb14fa8d9ac76e3a5256ac0763e"
 dependencies = [
 "bytes",
 "getrandom 0.3.4",
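Review bot: In the `.cargo/audit.toml` hunk, the new ignore for RUSTSEC-2026-0189 is justified only by the ingress-fronted deployment, yet the entry silences the advisory for every build of the workspace. A run of the MCP server bound to localhost would still be in the browser DNS-rebinding scenario the comment rules out; whether such runs happen is not visible from this hunk. I would state that limit in the comment, e.g. `# Scope: holds only behind the ingress; a localhost-bound run stays exposed until the rmcp bump.`, and replace the free-text FOLLOW-UP with something that can be audited, `# FOLLOW-UP: <tracking-issue>, revisit by <date>`, so the ignore cannot outlive its reason. Until the upgrade lands, a Host-header allowlist at the ingress or in the auth middleware would provide the check the comment already calls worthwhile.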