From dd0703e582ab7edc2637bc3385d540c3dbffa0db Mon Sep 17 00:00:00 2001 From: Austin Bonander Date: Sat, 24 Aug 2024 07:46:16 -0700 Subject: [PATCH] update resolution for RUSTSEC-2024-0363 (sqlx) (#2050) --- crates/sqlx/RUSTSEC-2024-0363.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/crates/sqlx/RUSTSEC-2024-0363.md b/crates/sqlx/RUSTSEC-2024-0363.md index b79428639..131a56e7e 100644 --- a/crates/sqlx/RUSTSEC-2024-0363.md +++ b/crates/sqlx/RUSTSEC-2024-0363.md @@ -45,12 +45,9 @@ For web application backends, consider adding some middleware that limits the si ## Resolution -Work has started on a branch to add `#[deny]` directives for the following Clippy lints: +`sqlx 0.8.1` has been released with the fix: -* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation) -* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap) -* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss) +Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated: + -and to manually audit the code that they flag. - -A fix is expected to be included in the `0.8.1` release (still WIP as of writing). +MySQL and SQLite do not _appear_ to be exploitable, but upgrading is recommended nonetheless.
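Review bot: the added line "Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:" ends with a colon, but the next added line (`+`) is empty, so the reference the colon promises is missing from the rendered advisory; either add the link to where the demonstration is documented or end the sentence with a period. Since the diffstat shows only this hunk in `crates/sqlx/RUSTSEC-2024-0363.md` (4 insertions, 7 deletions), the advisory's front-matter `[versions]` table is untouched by this patch; confirm that `patched` already lists `>= 0.8.1`, because cargo-audit reads the metadata, not the Resolution prose, to decide whether a lockfile is affected. Finally, "MySQL and SQLite do not _appear_ to be exploitable" would be more useful to readers with one sentence on why (e.g. which protocol-level encoding or length check differs from Postgres), so that they can judge the claim rather than take it on faith.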