Gregory's ServerFun fact: the most recent CVE in the Rust standard library (toctou in remove_dir_all) also applies to C++ standard library implementations. But in C++ it's just considered undefined behaviour and your own fault if any other process touches the file system, so it's not considered an issue.
 2 comments
 @fasterthanlime @Mara Hopefully the bar stays high. On r/rust the last few times something like this hit the general tech news, several commenters thought it was a mistake to accept CVEs for issues that wouldn't be CVEs in other languages. |
@Mara the eternal tragedy of Rust security advisories, which put the bar so much higher 🥲