Closed ajaind86 closed 7 months ago
@ReubenBond - Tagging for visibility
I hope I am not wrong:
If this is a framework assembly, then the installed runtime version defines the version, not the app. If this is a normal package, you can usually define the minor version in your csproj, by just installing the newest version.
So it is not urgent for Orleans team to do anything here.
We bumped the SDK version to 8.0.200
All of Orleans nuget packages are based on .NET 8.0.0. A security vulnerability that existed in .NET 8.0.0 has been fixed in .NET 8.0.1 (linked below). Please update Orleans packages be use the new version as Black Duck scans running in our project are flagging .NET 8.0.0 as a security risk.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056 https://www.cve.org/CVERecord?id=CVE-2024-0056