System.Text.Json "high severity" security issue.

FoundatioFx / Foundatio

Pluggable foundation blocks for building distributed apps.

Apache License 2.0

1.98k stars 244 forks source link

System.Text.Json "high severity" security issue. #330

Open archanox opened 17 hours ago

archanox commented 17 hours ago

There's a reported "high severity" security issue with System.Text.Json 8.0.4

https://github.com/advisories/GHSA-8g4q-xg66-9fp4

ejsmith commented 9 hours ago

Thanks. If you are referencing a higher version of the nuget package in your app, it will use that version instead of the transitive dependency version from Foundatio. Generally, we don't like to force people to be running latest, but I guess in the case of a security vulnerability we should update it.

niemyjski commented 9 hours ago

It's already been updated but release hasn't been tagged