Closed murjev closed 1 month ago
This 3rd party vulnerability continues to be highlighted on scans, could you set an ETA for it?
@murjev I have also seen this on scans, particularly for iOS
@murjev If you include 4.3.2 in your project it will resolve the dependency requirement and it won't install 4.3.0 to your App (So your app will be secure and your scan will be clean).
Should not have this problem right now.
Ok, I think it came from old websocket4net for .net framework.
Won't fix it in old version. Please reference the newer version of System.Net.Security in your project by yourself.
Current version uses System.Net.Security 4.3.0, through SuperSocket 2.0.0-beta8 which is vulnerable ref: https://github.com/aspnet/Announcements/issues/239
To address, update to using SuperSocket which uses System.Net.Security to 4.3.2 or newer.