Hello!
Is there an official process for submitting security vulnerabilities that does not count against our allotted support questions?
ABP Studio 1.2.2, installed 9/16/2025 from Microsoft Store
- Template: app
- Created ABP Studio Version: 1.2.2
- Current ABP Studio Version: 1.2.2
- Tiered: Yes
- Multi-Tenancy: Yes
- UI Framework: blazor-webapp
- Theme: leptonx
- Theme Style: system
- Theme Menu Placement: side
- Run Install Libs: Yes
- Database Provider: mongodb
- Run Db Migrator: Yes
- Mobile Framework: none
- Public Website: Yes
- Social Login: Yes
- Include Tests: Yes
- Kubernetes Configuration: Yes
- Distributed Event Bus: rabbitmq
- Use Local References: No
- Optional Modules:
- GDPR
- FileManagement
- TextTemplateManagement
- LanguageManagement
- AuditLogging
- Chat
- OpenIddictAdmin
- Selected Languages:
English, English (United Kingdom)
- Default Language: English
- Create Command: abp new AT1.Core -t app --tiered --ui-framework blazor-webapp --database-provider mongodb --theme leptonx --public-website --without-cms-kit --sample-crud-page --dont-run-bundling -chat -file-management
- MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
- 'MessagePack 2.2.85' from AT1.Core.AuthServer
- SixLabors ImageSharp Has Infinite Loop in GIF Decoder When Skipping Malformed Comment Extension Blocks
- 'SixLabors.ImageSharp 3.1.8' from AT1.Core.AuthServer
- ImageMagick
- 'Magick.NET-Q16-AnyCPU 13.4.0' from AT1.Core.Web.Public
