This repo is the official home of .NET on GitHub. It's a great starting point to find many .NET OSS projects from Microsoft and the community, including many that are part of the .NET Foundation.
I hope you can help me clarify a question about system packages.
Since version 4.3.0 no more versions were released for the package, if I understand correctly the package is now part of a bundle that is published in each dotnet version. Now, if we open the package Microsoft.NETCore.App.Ref we can see that the new version is present in the FrameworkList.xml. Considering this, the version is the one that is in the AssemblyVersion property or the FileVersion property? Because, looking at the GitHub advisory it seems they are using the FileVersion to tell if the package is vulnerable or not. Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability CVE-2023-36049 GitHub Advisory Database
Hi,
I hope you can help me clarify a question about system packages.
Since version 4.3.0 no more versions were released for the package, if I understand correctly the package is now part of a bundle that is published in each dotnet version. Now, if we open the package Microsoft.NETCore.App.Ref we can see that the new version is present in the FrameworkList.xml. Considering this, the version is the one that is in the AssemblyVersion property or the FileVersion property? Because, looking at the GitHub advisory it seems they are using the FileVersion to tell if the package is vulnerable or not. Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability CVE-2023-36049 GitHub Advisory Database
Thanks