FIND-20260325-015 · 2026-03-25 · Innovation Veille

RustSec RUSTSEC-2026-0057: tokio-reactor crate is unmaintained

cve MEDIUM
RustSec advisory RUSTSEC-2026-0057 marks the tokio-reactor crate as unmaintained as of March 20, 2026. The tokio-reactor crate was an older compatibility shim for Tokio's reactor pattern that has been superseded by tokio's built-in runtime. Any crates still depending on tokio-reactor as a transitive dependency should be audited. No active CVE associated — this is an unmaintained package notice.

Source

https://rustsec.org/advisories/RUSTSEC-2026-0057

ODS Impact

ODS services use Actix-web (which depends on Tokio). If any transitive dependency still pulls in tokio-reactor, it should be eliminated. Run cargo tree | grep tokio-reactor on all ODS Rust services to audit. Modern tokio (1.x) does not require tokio-reactor — this is only a concern for very old or unmaintained crate dependencies.

Security Review

License: MIT | Maintenance: ABANDONED | Risk: MEDIUM | Recommendation: AVOID

Tags

rust tokio security unmaintained supply-chain rustsec
Generated by ODS Innovation Veille · 2026-03-25T07:10:35+00:00