You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
.NET9 will bring extended audit for vulnerable references including all indirect references.
It can be replicated also on older versions by compiling projects with following options
'System.Net.Http' 4.3.0 has a known high severity vulnerability, GHSA-7jgj-8wvc-jh57
'System.Text.RegularExpressions' 4.3.0 has a known high severity vulnerability, GHSA-cmhx-cq75-c4mj
The issue is valid for all available targets netstandard1.3 and net4.5.
Fix
Drop support both for netstandard1.3 and net4.5. Replace it by net6.0 and net462. It should cover all supported .NET versions. If needed, it can be extended also by netstandard2.0.
Next step is release never version.
Workaround
Manually pin packages to non-vulnerable version.
The text was updated successfully, but these errors were encountered:
.NET9 will bring extended audit for vulnerable references including all indirect references.
It can be replicated also on older versions by compiling projects with following options
Preparing OTel contrib repository for this, reveals that KaitaiStruct.Runtime.CSharp v0.10.0 brings
The issue is valid for all available targets netstandard1.3 and net4.5.
Fix
Drop support both for
netstandard1.3andnet4.5. Replace it bynet6.0andnet462. It should cover all supported .NET versions. If needed, it can be extended also bynetstandard2.0.Next step is release never version.
Workaround
Manually pin packages to non-vulnerable version.
The text was updated successfully, but these errors were encountered: