kerryjiang / WebSocket4Net

A popular .NET WebSocket Client
752 stars 272 forks

Security vulnerability requires upgrading System.Net.Security to 4.3.2 or later #194

Closed murjev closed 1 month ago

murjev commented 2 years ago

Current version uses System.Net.Security 4.3.0, through SuperSocket 2.0.0-beta8, which is vulnerable. Ref: https://github.com/aspnet/Announcements/issues/239

To address this, update to using a SuperSocket which uses System.Net.Security 4.3.2 or newer.

murjev commented 2 years ago

This 3rd party vulnerability continues to be highlighted on scans. Could you set an ETA for it?

SpencerBurgess commented 2 years ago

@murjev I have also seen this on scans, particularly for iOS.

SpencerBurgess commented 2 years ago

@murjev If you include 4.3.2 in your project it will resolve the dependency requirement and it won't install 4.3.0 to your app (so your app will be secure and your scan will be clean).

kerryjiang commented 1 month ago

Should not have this problem right now.

kerryjiang commented 1 month ago

Ok, I think it came from old websocket4net for .net framework.

kerryjiang commented 1 month ago

Won't fix it in old version. Please reference the newer version of System.Net.Security in your project by yourself.
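
An added example, not code from this thread or from WebSocket4Net: a check that reads the `obj/project.assets.json` file NuGet writes on restore and reports every target framework that still resolves System.Net.Security below 4.3.2, which is how to confirm the direct-reference workaround from the comments above took effect. The sample data is constructed; the `SuperSocket/2.0.0-beta8` parent entry follows the issue text and the target framework name is an assumption.

```python
import json
import sys

PACKAGE = "System.Net.Security"
MIN_SAFE = (4, 3, 2)  # the issue asks for 4.3.2 or later


def is_below(version, min_safe=MIN_SAFE):
    """True if a NuGet version string is older than min_safe.
    A prerelease of min_safe itself (4.3.2-preview1) sorts before the release."""
    core, _, prerelease = version.split("+")[0].partition("-")
    nums = [int(p) for p in core.split(".")]
    nums = tuple(nums + [0] * (len(min_safe) - len(nums)))
    return nums < min_safe or (nums == min_safe and bool(prerelease))


def audit(assets, package=PACKAGE):
    """List target frameworks whose *resolved* package version is too old."""
    findings = []
    for target, libs in assets.get("targets", {}).items():
        for key in libs:
            name, _, version = key.partition("/")
            if name.lower() != package.lower() or not is_below(version):
                continue
            # Packages that declare the dependency, to show where it comes from.
            via = sorted(k for k, v in libs.items()
                         if any(d.lower() == package.lower()
                                for d in v.get("dependencies", {})))
            findings.append({"target": target, "resolved": version, "via": via})
    return findings


# Constructed sample: transitive 4.3.0 only (before the workaround).
BEFORE = {"targets": {".NETStandard,Version=v2.0": {
    "SuperSocket/2.0.0-beta8": {"dependencies": {"System.Net.Security": "4.3.0"}},
    "System.Net.Security/4.3.0": {"type": "package"}}}}
# Constructed sample: a direct 4.3.2 reference wins; the parent's declared
# minimum still reads 4.3.0, so only the resolved key is checked.
AFTER = {"targets": {".NETStandard,Version=v2.0": {
    "SuperSocket/2.0.0-beta8": {"dependencies": {"System.Net.Security": "4.3.0"}},
    "System.Net.Security/4.3.2": {"type": "package"}}}}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = json.load(fh)
    else:
        data = BEFORE
    results = audit(data)
    print(json.dumps(results, indent=2))
    sys.exit(1 if results else 0)
```

Run it with the path to `obj/project.assets.json` after a restore; a non-zero exit code makes it usable as a CI gate.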