
System.Text.Json in v8.0.2 of dotnet has a known vulnerability and it's recommended to update to v8.0.4 #376

Closed
fhsteve opened this issue Jul 12, 2024 · 3 comments · Fixed by #377
Comments

@fhsteve

fhsteve commented Jul 12, 2024

The Serilog maintainers want you to have a great experience using Serilog, and will happily track down and resolve bugs. We all have limited time, though, so please think through all of the factors that might be involved and include as much useful information as possible 😊.

ℹ If the problem is caused by a sink or other related package, please try to track down the correct repository for that package and create the report there: this tracker is for the Serilog.AspNetCore package only.

Description
There is a known vulnerability in System.Text.Json for v8.0.2 of dotnet which was flagged to me by our package scanners during CI/CD.
It's recommended to update to v8.0.4.
See the Microsoft advisory here -> GHSA-hh2w-p6rv-4g7w

Reproduction
n/a

Expected behavior
n/a

Relevant package, tooling and runtime versions
Serilog v8.0.1+

Additional context
n/a

@fhsteve fhsteve added the bug label Jul 12, 2024
@fhsteve
Author

fhsteve commented Jul 12, 2024

Apologies for the less than detailed ticket; it's not really a bug, just an advisory that's been flagged internally to me, so no reproducible steps etc.

@Numpsy
Member

Numpsy commented Jul 12, 2024

If the reference is via Serilog.Settings.Configuration, then there is a new version of that which contains updated dependencies for this issue: serilog/serilog-settings-configuration#425

@fhsteve
Author

fhsteve commented Jul 16, 2024

Interestingly, our package scanner doesn't flag the configuration pkg at all. There's also every chance it's a false positive from the tool.
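To see which project and which top-level package actually resolve the flagged System.Text.Json version (the question the thread above leaves open), here is an added example, not code from the Serilog project: it reads the JSON that `dotnet list package --include-transitive --format json` writes and reports every resolved version below the advisory's fixed version. The JSON field names are assumed from that command's output, and the sample listing below is constructed for the demo.

```python
import json

# Constructed sample mirroring the shape of `dotnet list package --include-transitive --format json`
# (field names assumed from the SDK's JSON output; package versions here are made up for the demo).
SAMPLE = json.dumps({
    "version": 1,
    "parameters": "--include-transitive",
    "projects": [{
        "path": "src/WebApp/WebApp.csproj",
        "frameworks": [{
            "framework": "net8.0",
            "topLevelPackages": [
                {"id": "Serilog.AspNetCore", "requestedVersion": "8.0.1", "resolvedVersion": "8.0.1"},
                {"id": "Serilog.Settings.Configuration", "requestedVersion": "8.0.0", "resolvedVersion": "8.0.0"},
            ],
            "transitivePackages": [
                {"id": "System.Text.Json", "resolvedVersion": "8.0.2"},
                {"id": "Serilog", "resolvedVersion": "4.0.0"},
            ],
        }],
    }],
})

# Minimum fixed version per package id, taken from the advisory the issue references.
FIXED = {"System.Text.Json": "8.0.4"}

def parse_version(v):
    """Turn '8.0.4' or '8.0.4-preview.1' into a comparable tuple; a pre-release sorts below its release."""
    core, _, pre = v.partition("-")
    nums = tuple(int(p) for p in core.split(".") if p.isdigit())
    return (nums, pre == "", pre)

def find_vulnerable(listing_json, fixed=FIXED):
    """Return (project, framework, package, resolved, scope) for each resolved version below the fix."""
    findings = []
    for project in json.loads(listing_json)["projects"]:
        for fw in project["frameworks"]:
            # Check both direct and transitive references; a scanner that only looks at
            # top-level packages (as described in the thread) would miss the transitive one.
            for scope in ("topLevelPackages", "transitivePackages"):
                for pkg in fw.get(scope, []):
                    pid, resolved = pkg["id"], pkg["resolvedVersion"]
                    if pid in fixed and parse_version(resolved) < parse_version(fixed[pid]):
                        findings.append((project["path"], fw["framework"], pid, resolved, scope))
    return findings

if __name__ == "__main__":
    for path, framework, pid, resolved, scope in find_vulnerable(SAMPLE):
        print(f"{path} [{framework}]: {pid} {resolved} ({scope}) is below {FIXED[pid]}")
```

Until the upstream packages ship the updated dependency, adding a direct `<PackageReference Include="System.Text.Json" Version="8.0.4" />` to the affected project makes NuGet resolve that version instead of the transitive 8.0.2, and the script above then reports nothing.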
