0
JonSteer73 created
- ABP Framework version: v8.3.2
- UI Type: Blazor Server
- Database System: EF Core (SQL Server.)
- Tiered (for MVC) or Auth Server Separated (for Angular): no
Hi there. We've run a SAST tool (GitHub advanced security for DevOps) on our Blazor server project and it has noted high severity vulnerabilities in the following packages, which are bundled as part of the ABP libraries:
- System.Text.Json https://github.com/advisories/GHSA-8g4q-xg66-9fp4
- Microsoft.Extensions.Caching.Memory https://github.com/advisories/GHSA-qj66-m88j-hmgj
- SixLabors.ImageSharp https://github.com/advisories/GHSA-63p8-c4ww-9cg7
Are these libraries due to be updated as part of the v9 release? If not, would it be possible to get them patched as part of the next upgrade please?
Thanks! :)
2 Answer(s)
-
0
Hi,
Yes, we upgrade all Nuget package to the latest
https://github.com/abpframework/abp/pull/20960
-
0
Sounds perfect - thanks!