Closed LionelBergen closed 2 months ago
We're going to release considering releasing a maintenance patch that updates these 2 dependencies with vulnerabilities. In the meantime, you should be able to upgrade the impacted packages explicitly.
Please continue to track this with the issue shown above in the IdentityServer issue tracker. I'm closing this one.
Which version of Duende IdentityServer are you using? 6.3.8
Which version of .NET are you using? 6
Describe the bug
Security Vulnerabilities show up when running
dotnet list package --vulnerable --include-transitive
, for 2 dependenciesTo Reproduce
Run
dotnet list package --vulnerable --include-transitive
insidesrc/IdentityServer
Expected behavior
No vulnerabilities
Additional context
6.3.x is listed as maintained as long as .NET 6.0 is (until November 12, 2024)