Stop referencing Microsoft.AspNetCore.Http.Abstractions

cnblogs / EnyimMemcachedCore

.NET Memcached client. Available on https://www.nuget.org/packages/EnyimMemcachedCore

Apache License 2.0

162 stars 46 forks source link

Stop referencing Microsoft.AspNetCore.Http.Abstractions #203

Closed Gonyoda closed 9 months ago

Gonyoda commented 9 months ago

We are getting security alerts in our projects using EnyimMemcachedCore due to this library referencing Microsoft.AspNetCore.Http.Abstractions 2.2.0 (nuget is obsolete) which references System.Text.Encodings.Web 4.5.0 that has a known vulnerability here and here.

Is there a way to stop referencing this library (does anyone still use EnyimMemcachedApplicationBuilderExtensions.UseEnyimMemcached??) or have different builds for modern .net versions that no longer reference this old package?

cnblogs-dudu commented 9 months ago

Relate to https://github.com/cnblogs/EnyimMemcachedCore/pull/172#issuecomment-1525225105 #195

cnblogs-dudu commented 9 months ago

Fixed in 2.7.0

Gonyoda commented 9 months ago

TYSM! :)