Upgrade Npgsql for CVE-2024-32655 security patch

nopSolutions / nopCommerce

ASP.NET Core eCommerce software. nopCommerce is a free and open-source shopping cart.

https://www.nopcommerce.com

Other

9.09k stars 5.2k forks source link

Upgrade Npgsql for CVE-2024-32655 security patch #7186

Closed sanamhub closed 2 months ago

sanamhub commented 2 months ago

closes #7185

skoshelev commented 2 months ago

Hi @sanamhub. Thank you for your help

sanamhub commented 2 months ago

Hi @sanamhub. Thank you for your help

You're welcome @skoshelev !

Also, advice to upgrade on other affected production branches

skoshelev commented 2 months ago

I analyzed the essence of the vulnerability, and I don’t see an attack vector with its use on a site running on nopCommerce, so we just updated the library to a newer version of only the current development branch.