Closed HowardvanRooijen closed 7 months ago
Hello @HowardvanRooijen ,
Thanks for reporting this.
We had this vulnerability warning in the past, that's why wee explicitly require safe version here: https://github.com/cloudinary/CloudinaryDotNet/blob/f855f5a3862f21beea575f68da37a86e4ff08486/CloudinaryDotNet/CloudinaryDotNet.csproj#L53
What version does it actually resolve?
Hi @HowardvanRooijen ,
Following up to see if saw the latest response from our engineer. Looking forward to your response.
Thanks, Sree
I believe the problem is a transitive dependency from the other packages:
Microsoft.AspNetCore.Html.Abstractions
and Microsoft.AspNetCore.Http.Abstractions
Here's the link to the advisory:
@HowardvanRooijen , the vulnerability should be fixed in the latest version.
Please let us know if you encounter any other issues!
Awesome job! That looks much better! Thanks very much for the fix.
Hi @HowardvanRooijen ,
Thanks a lot. Appreciate your test and feedback. Thanks @const-cloudinary for the fix.
Best Regards, Sree
Issue Type (Can be multiple)
In Microsoft Visual Studio Enterprise 2022, Version 17.8.5, in a .NET 8.0 Class Library I see the above / following warning in the csproj for CloudinaryDotNet v 1.25.0:
There are newer versions available: https://www.nuget.org/packages/System.Text.Encodings.Web/
You package currently supports .NET Framework 4.5.2 which went out of support in April 2022:
https://devblogs.microsoft.com/dotnet/net-framework-4-5-2-4-6-4-6-1-will-reach-end-of-support-on-april-26-2022/
It might be worth reviewing which version of .NET you're supporting. I put this diagram together for the Rx.NET project, so we could understand the various support lifecycles: