Fix vulnerability issues in IdentityServer4 package (Development Identity Server) #4751

Open
brendankowitz opened this issue Dec 10, 2024 · 0 comments
Labels
Bug-Security Security related bugs. Open source This change is only relevant to the OSS code or release. Up for grabs The issue require minimal context and is well-suited for new contributors.

brendankowitz commented Dec 10, 2024

The PR Build & Deploy pipeline was failing due to this vulnerability issue in the IdentityServer4 package. The error was temporarily suppressed, and we need a permanent fix for the issue. See the docs below for more details.

IdentityServer Open Redirect vulnerability · CVE-2024-39694 · GitHub Advisory Database

An alternative open-source library might be: OpenIddict

Same as: AB#123727

@brendankowitz brendankowitz added Bug-Security Security related bugs. Open source This change is only relevant to the OSS code or release. Up for grabs The issue require minimal context and is well-suited for new contributors. labels Dec 10, 2024