Microsoft.Azure.Devices.Client v1.42.0 has indirect security vulnerabilies

Azure / azure-iot-sdk-csharp

A C# SDK for connecting devices to Microsoft Azure IoT services

Other

463 stars 493 forks source link

Microsoft.Azure.Devices.Client v1.42.0 has indirect security vulnerabilies #3397

Closed fgheysels closed 8 months ago

fgheysels commented 9 months ago

I use Microsoft.Azure.Devices.Client Version 1.42.0 in an IoT Edge project, and it appears that this project has a (transitive) dependency on System..Net.Http v4.3 which would contain security vulnarabilities:

timtay-microsoft commented 9 months ago

This has been fixed by removing some out-of-support .net targets from this project via #3400

timtay-microsoft commented 8 months ago

It looks like we also need to replace the Azure Storage SDK that we use in our file upload APIs to fully clear the current security issues here, so I'll un-mark this as "fix checked in" while we work on making that happen

andyk-ms commented 8 months ago

Addressed in 1.42.2 build