Closed MichelZ closed 1 month ago
Already fixed by https://github.com/abpframework/abp/pull/20960
@maliming While I can see ImageSharp, I would like to make sure that BouncyCastle was not missed in the Volo.Abp.Commercial.Core package, as it's not in that PR. Thanks
hi
We also update the Volo.Abp.Commercial.Core in private repos.
Thanks
Is there an existing issue for this?
Description
We get vulnerability warnings in a scan of the built containers about packages with vulnerabilities being used:
BouncyCastle.Cryptography library version 2.2.1
Please find vulnerability information here: https://github.com/advisories/GHSA-m44j-cfrm-g8qc
Please update this library to at least version 2.3.1. It seems to be referenced in Volo.Abp.Commercial.Core

SixLabors.ImageSharp library version 3.1.4
Please find vulnerability information here: https://github.com/advisories/GHSA-63p8-c4ww-9cg7 https://github.com/advisories/GHSA-qxrv-gp6x-rc23
Please update this library to at least version 3.1.5. It seems to be referenced in Volo.Abp.Imaging.ImageSharp
Thanks!
Reproduction Steps
No response
Expected behavior
No response
Actual behavior
No response
Regression?
No response
Known Workarounds
No response
Version
8.3.1
User Interface
Angular
Database Provider
EF Core (Default)
Tiered or separate authentication server
Separate Auth Server
Operation System
Linux
Other information
No response