evozniak
commented
7 months ago @JonPSmith Is it possible to merge and release a minor version?
Closed evozniak closed 7 months ago
evozniak
commented
7 months ago @JonPSmith Is it possible to merge and release a minor version?
JonPSmith
commented
7 months ago Hi @evozniak,
I have just released a 6.0.1 which updated the Microsoft.Data.SqlClient NuGet for NET6, 7 and 8.
evozniak
commented
7 months ago @JonPSmith The Microsoft.Data.SqlClient is already on 5.1.4 this package and is still using the 5.1.3 vulnerable package.
https://github.com/advisories/GHSA-5mfx-4wcx-rv27 This CVE is still there on a transient dependency.
JonPSmith
commented
7 months ago I used your helpful link https://github.com/advisories/GHSA-98g6-xh36-x2p7 says to use Microsoft.Data.SqlClient 5.1.3 is the patched version.
PS. If you want a newer version of Microsoft.Data.SqlClient, say 5.1.4, in your test project it will override the version Microsoft.Data.SqlClient in the EfCore.TestSupport NuGet. The only limitation is that the NuGet you add must be at the same, or higher.
The updated package fixes SEVERE security vulnerabilities.
8.7/10 Severity. https://github.com/advisories/GHSA-98g6-xh36-x2p7