From a3a1c4db82f9bafc9348e4509d773df1db2d3a95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=99=B4=E5=A4=A9?=
Date: Sat, 25 Apr 2026 11:25:24 +0800
Subject: [PATCH] fix(security): update rustls-webpki for dependabot alert

---
 CHANGELOG.md | 1 +
 src-tauri/Cargo.lock | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1ef6eaa..bf10b66 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,7 @@
 - **Hermes Gateway 启动自修复** — 启动前自动检查并修复 `platforms.api_server.enabled`,避免升级或手动编辑配置后 Gateway 缺失 `/v1/runs` 能力
 - **Web/桌面下载行为分流** — `hermes_logs_download` 根据运行时区分桌面真实落盘与 Web Blob 下载,避免 Web 模式误保存到服务端目录
 - **普通记忆文件下载提示** — Blob 下载提示改为说明浏览器默认下载目录,减少“下载没落点”的误解
+- **Dependabot #11** — 升级 `rustls-webpki` 至 `0.103.13`,修复畸形 CRL BIT STRING 触发 panic 的拒绝服务风险

 ## [0.13.4] - 2026-04-20

diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock
index b449503..828356a 100644
--- a/src-tauri/Cargo.lock
+++ b/src-tauri/Cargo.lock
@@ -3265,9 +3265,9 @@ dependencies = [

 [[package]]
 name = "rustls-webpki"
-version = "0.103.12"
+version = "0.103.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06"
+checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
 dependencies = [
 "ring",
 "rustls-pki-types",