cloudinary / CloudinaryDotNet

Cloudinary DotNet library
MIT License

Transitive dependency System.Text.Encodings.Web 4.5.0 contains vulnerabilities according to Checkmarx© #358

Closed HowardvanRooijen closed 7 months ago

HowardvanRooijen commented 7 months ago

Issue Type (Can be multiple)

In Microsoft Visual Studio Enterprise 2022, Version 17.8.5, in a .NET 8.0 Class Library I see the above / following warning in the csproj for CloudinaryDotNet v 1.25.0:

[image]

There are newer versions available: https://www.nuget.org/packages/System.Text.Encodings.Web/

Your package currently supports .NET Framework 4.5.2, which went out of support in April 2022:

https://devblogs.microsoft.com/dotnet/net-framework-4-5-2-4-6-4-6-1-will-reach-end-of-support-on-april-26-2022/

It might be worth reviewing which version of .NET you're supporting. I put this diagram together for the Rx.NET project, so we could understand the various support lifecycles:

const-cloudinary commented 7 months ago

Hello @HowardvanRooijen ,

Thanks for reporting this.

We had this vulnerability warning in the past, that's why we explicitly require a safe version here: https://github.com/cloudinary/CloudinaryDotNet/blob/f855f5a3862f21beea575f68da37a86e4ff08486/CloudinaryDotNet/CloudinaryDotNet.csproj#L53

What version does it actually resolve?
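As an added illustration (not code from the CloudinaryDotNet repository or from either commenter), here is a csproj fragment showing the pattern the maintainer describes: a consuming project declares a direct PackageReference to System.Text.Encodings.Web so that NuGet's direct-over-transitive resolution picks that version instead of the 4.5.0 pulled in through Microsoft.AspNetCore.Html.Abstractions / Microsoft.AspNetCore.Http.Abstractions. The target framework and the CloudinaryDotNet version are taken from the issue; the `PATCHED_VERSION_FROM_ADVISORY` value is a placeholder to be replaced with a version the CVE-2021-26701 advisory lists as fixed.

```xml
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <!-- .NET 8.0 class library, as in the report above -->
    <TargetFramework>net8.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <!-- Package whose dependency graph transitively brings in
         System.Text.Encodings.Web 4.5.0 (version from the issue). -->
    <PackageReference Include="CloudinaryDotNet" Version="1.25.0" />

    <!-- A direct reference wins over a transitive one in NuGet resolution,
         so this lifts the resolved version above the vulnerable 4.5.0.
         PATCHED_VERSION_FROM_ADVISORY is a placeholder, not a real version:
         substitute one the CVE-2021-26701 advisory marks as fixed. -->
    <PackageReference Include="System.Text.Encodings.Web"
                      Version="PATCHED_VERSION_FROM_ADVISORY" />
  </ItemGroup>

</Project>
```

After `dotnet restore`, running `dotnet list package --vulnerable --include-transitive` in the project directory lists any packages in the resolved graph that still match a known advisory, which is how to confirm the override actually took effect instead of trusting the csproj text alone. The same override pattern applied inside a library's own csproj (as the linked CloudinaryDotNet line does) protects every consumer, whereas declaring it in an application only fixes that application.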

skalahasti-cloudinary commented 7 months ago

Hi @HowardvanRooijen ,

Following up to see if you saw the latest response from our engineer. Looking forward to your response.

Thanks, Sree

HowardvanRooijen commented 7 months ago

I believe the problem is a transitive dependency from the other packages:

[image]

Microsoft.AspNetCore.Html.Abstractions and Microsoft.AspNetCore.Http.Abstractions

Here's the link to the advisory:

https://devhub.checkmarx.com/cve-details/CVE-2021-26701/

const-cloudinary commented 7 months ago

@HowardvanRooijen , the vulnerability should be fixed in the latest version.

Please let us know if you encounter any other issues!

HowardvanRooijen commented 7 months ago

Awesome job! That looks much better! Thanks very much for the fix.

skalahasti-cloudinary commented 7 months ago

Hi @HowardvanRooijen ,

Thanks a lot. Appreciate your test and feedback. Thanks @const-cloudinary for the fix.

Best Regards, Sree