Microsoft.IdentityModel.JsonWebTokens version 7.5.2 has dependencies with CRITICAL CVE findings #457
Assignees
Labels
Comments
|
Hi @stefnees , Thank You. |
|
Thank you so much for the quick response. It would be great to get this resolved so that our security scans will quit yelling at us. I look forward to a resolution. :) |
|
Hi @stefnees , Please let us know if there is something that still requires change to fix the issue. Thank You. |
|
Thanks so much for such a quick response! That’s great news!
*Stephanie Sudderth*
…On Mon, Nov 18, 2024 at 4:05 PM Mudit Garg ***@***.***> wrote:
Hi @stefnees <https://github.com/stefnees> ,
The issue should be resolved with following release:
https://github.com/docusign/docusign-esign-csharp-client/releases/tag/v8.0.2
.
Please let us know if there is something that still requires change to fix
the issue.
Thank You.
—
Reply to this email directly, view it on GitHub
<#457 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AE6HSXXSQAMFMBOPFZV4NLD2BJJCFAVCNFSM6AAAAABRWZNMS6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBUGEZDQNBQGM>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
- System.Text.Encodings.Web/4.7.1
Upgrading to at least 7.7.0 gets past the System.Text.Json version that pulls in the dependency with the issue.
Reference: CVE-2021-26701
dotnet/announcements#178
The text was updated successfully, but these errors were encountered: