Closed roemba closed 1 year ago
Needs review with the team.
@roemba Feel free to contribute a PR as you suggested which could be reviewed by the team.
I created a PR to address the issue. I know .NET Core 3.1 is EOL but we still have quite a few users still using it so we're not ready to remove support yet from this library. The PR will address your issue though.
https://github.com/aws/aws-ssm-data-protection-provider-for-aspnet/pull/55
Version 3.1.1 has been released with the fix on the dependency. Thanks for letting us know the issue.
Describe the feature
The current version of Microsoft.AspNetCore.DataProtection.Extensions is 3.1.28. I would like to request upgrading this to the latest 6.0.* version.
Use Case
The current version of Microsoft.AspNetCore.DataProtection.Extensions is 3.1.28:
<PackageReference Include="Microsoft.AspNetCore.DataProtection.Extensions" Version="3.1.28" />
Version 3.1.28 has a dependency on System.Security.Cryptography.Xml version 4.7.1 that has a dependency on System.Security.Permissions 4.7.0 that again has a dependency on System.Drawing.Common 4.7.0 that has CVE-2021-24112, see https://avd.aquasec.com/nvd/2021/cve-2021-24112/
.NET Core 3.1 has reached EOL on 13-12-2022 so I suggest upgrading Microsoft.AspNetCore.DataProtection.Extensions to 6.0.* to resolve any old dependency problems.
Proposed Solution
No response
Other Information
No response
Acknowledgements
AWS .NET SDK and/or Package version used
Amazon.AspNetCore.DataProtection.SSM version 3.1.0
Targeted .NET Platform
.Net Core 6
Operating System and version
Ubuntu
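An added example, not part of the original issue or the project's code: a small Python walker that reads the resolved graph in a NuGet `project.assets.json` and reports which direct reference pulls in a given transitive package version. The sample data is constructed to mirror the chain as the issue states it, and the function name `paths_to_package` is hypothetical.

```python
# Constructed sample: a trimmed project.assets.json (written by NuGet restore
# under obj/) that mirrors the dependency chain as stated in the issue.
SAMPLE_ASSETS = {
    "targets": {"net6.0": {
        "Amazon.AspNetCore.DataProtection.SSM/3.1.0": {"dependencies": {
            "Microsoft.AspNetCore.DataProtection.Extensions": "3.1.28"}},
        "Microsoft.AspNetCore.DataProtection.Extensions/3.1.28": {"dependencies": {
            "System.Security.Cryptography.Xml": "4.7.1"}},
        "System.Security.Cryptography.Xml/4.7.1": {"dependencies": {
            "System.Security.Permissions": "4.7.0"}},
        "System.Security.Permissions/4.7.0": {"dependencies": {
            "System.Drawing.Common": "4.7.0"}},
        "System.Drawing.Common/4.7.0": {},
    }},
    "projectFileDependencyGroups": {
        "net6.0": ["Amazon.AspNetCore.DataProtection.SSM >= 3.1.0"]},
}


def paths_to_package(assets, framework, package, version):
    """Return every chain from a direct reference to package/version."""
    # Lower-cased package id -> (resolved "Id/Version" key, dependency ids).
    resolved = {}
    for key, entry in assets["targets"][framework].items():
        resolved[key.split("/", 1)[0].lower()] = (key, list(entry.get("dependencies", {})))
    target = f"{package}/{version}".lower()
    found = []

    def walk(name, trail):
        key, deps = resolved.get(name.lower(), (None, []))
        if key is None or key in trail:  # unresolved id or cycle
            return
        trail = trail + [key]
        if key.lower() == target:
            found.append(trail)
            return
        for dep in deps:
            walk(dep, trail)

    # Direct references look like "Package.Id >= 1.2.3"; keep only the id.
    for spec in assets["projectFileDependencyGroups"].get(framework, []):
        walk(spec.split()[0], [])
    return found


if __name__ == "__main__":
    hits = paths_to_package(SAMPLE_ASSETS, "net6.0", "System.Drawing.Common", "4.7.0")
    for chain in hits:
        print(" -> ".join(chain))
```

Against a real project, load `obj/project.assets.json` with `json.load` and pass the result in place of `SAMPLE_ASSETS`.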