Azure / azure-functions-vs-build-sdk

MSBuild task for Azure Functions
MIT License

Security vulnerability CVE-2021-26701 reported on NuGet 3.0.11 #502

Closed hansgschossmann closed 3 years ago

hansgschossmann commented 3 years ago

My security scanner reports a vulnerability in the Microsoft.NET.Sdk.Functions NuGet package 3.0.11, caused by System.Text.Encodings.Web, which would need to be updated to a newer version.

Are you planning to fix this anytime soon?

fabiocav commented 3 years ago

Assigning this work for completion. This will be picked up ASAP and released when done. In the meantime, please override the dependency in your project.
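One way to apply the suggested override is to add a direct `PackageReference` to the patched `System.Text.Encodings.Web` in the function app's project file; NuGet's dependency resolution then prefers the directly referenced version over the older transitive one pulled in by the SDK package. The snippet below is an added illustration, not code from this repository or from the comment above; the version string is a placeholder to be replaced with the patched release your scanner or the advisory for CVE-2021-26701 names.

```xml
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>netcoreapp3.1</TargetFramework>
    <AzureFunctionsVersion>v3</AzureFunctionsVersion>
  </PropertyGroup>

  <ItemGroup>
    <!-- The SDK package from this repository; it brings in the old
         System.Text.Encodings.Web transitively. -->
    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="3.0.11" />

    <!-- Explicit direct reference to the patched version. A direct reference
         wins over the transitive one during NuGet resolution, so the app
         restores and ships the fixed assembly instead of the vulnerable one.
         PATCHED_VERSION is a placeholder: substitute the fixed release listed
         in the advisory for CVE-2021-26701. -->
    <PackageReference Include="System.Text.Encodings.Web" Version="PATCHED_VERSION" />
  </ItemGroup>

</Project>
```

After restoring, `dotnet list package --include-transitive` shows which version of `System.Text.Encodings.Web` was actually resolved, and newer SDKs also accept `dotnet list package --vulnerable` to cross-check the resolved graph against known advisories. Note the later comment in this thread: at runtime on the Azure Functions host the serviced host assembly is what gets loaded, so this override mainly silences the scanner finding on the project's own dependency graph and protects local or self-hosted execution.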

fabiocav commented 3 years ago

For awareness: though the references are outdated, the runtime has been patched for a while, and that's the version that gets loaded at runtime, as it is a serviced component.

fabiocav commented 3 years ago

Updates sent on this. No action taken on the SDK/Functions packages, as our dependency on this is a transitive dependency and the other packages are the latest versions. Closing this as there's no further action here.

FrankBurmo commented 2 years ago

@fabiocav this surely needs another consideration? Any app with the current version of Microsoft.NET.Sdk.Functions v4.1.0 is vulnerable (it references System.Text.Encodings.Web 4.5.0).

sec