Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EF Core 8 depends on Azure.Identity 1.7.0 has reported vulnerabilities #32694

Closed
patrickklaeren opened this issue Dec 31, 2023 · 4 comments
Closed

EF Core 8 depends on Azure.Identity 1.7.0 has reported vulnerabilities #32694

patrickklaeren opened this issue Dec 31, 2023 · 4 comments
Labels
closed-external customer-reported

Comments

@patrickklaeren
Copy link

Microsoft.EntityFrameworkCore.SqlServer references Azure.Identity 1.7.0

Reported vulnerability: GHSA-5mfx-4wcx-rv27

image

Related to #32608

Include provider and version information

EF Core version: 8
Database provider: Microsoft.EntityFrameworkCore.SqlServer
Target framework: .NET 8
Operating system: Windows 11 Pro
IDE: Rider / Visual Studio / VS Code
@ErikEJ
Copy link
Contributor

ErikEJ commented Dec 31, 2023

This is a SqlClient issue and will be fixed in 5.2

@roji
Copy link
Member

roji commented Dec 31, 2023

Duplicate of dotnet/SqlClient#2195

@roji roji marked this as a duplicate of dotnet/SqlClient#2195 Dec 31, 2023
@roji roji closed this as not planned Won't fix, can't repro, duplicate, stale Dec 31, 2023
@bertvan
Copy link

bertvan commented Sep 23, 2024

Question: SqlClient 5.2 has been released 7 months ago.
Is efcore planning to bump to 5.2 in 8, or only in 9?

@ErikEJ
Copy link
Contributor

ErikEJ commented Sep 23, 2024

Is efcore planning to bump to 5.2 in 8, or only in 9?
@bertvan No, as 5.2 is not LTS. You can just add an explicit reference to 5.1.6, I think 5.1.6 will be used soon in EF Core 8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed-external customer-reported
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bertvan @patrickklaeren @roji @ErikEJ