Open Closed

High severity vulnerabilities in System.Text.Json, Microsoft.Extensions.Caching.Memory and ImageSharp libraries #8276


User avatar
0
JonSteer73 created
  • ABP Framework version: v8.3.2
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server.)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no

Hi there. We've run a SAST tool (GitHub advanced security for DevOps) on our Blazor server project and it has noted high severity vulnerabilities in the following packages, which are bundled as part of the ABP libraries:

  • System.Text.Json https://github.com/advisories/GHSA-8g4q-xg66-9fp4
  • Microsoft.Extensions.Caching.Memory https://github.com/advisories/GHSA-qj66-m88j-hmgj
  • SixLabors.ImageSharp https://github.com/advisories/GHSA-63p8-c4ww-9cg7

Are these libraries due to be updated as part of the v9 release? If not, would it be possible to get them patched as part of the next upgrade please?

Thanks! :)


2 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Yes, we upgrade all Nuget package to the latest

    https://github.com/abpframework/abp/pull/20960

  • User Avatar
    0
    JonSteer73 created

    Sounds perfect - thanks!

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11