serilog-mssql / serilog-sinks-mssqlserver

A Serilog sink that writes events to Microsoft SQL Server and Azure SQL
Apache License 2.0
283 stars 148 forks

Update to Microsoft.Data.SqlClient 5.1.5 to address CVE-2024-21319 #520

miksh7 closed 9 months ago

miksh7 commented 9 months ago

Please update to Microsoft.Data.SqlClient 5.1.5 to address CVE-2024-21319

ckadluba commented 9 months ago

Hi @miksh7 and thank you for reporting your finding.

This issue is a duplicate of #517 which is already fixed in PR #518.

I should mention that the fix has so far only been released in a prerelease on nuget.org. I will create a regular release within the next few days and will leave this issue open until then for informational purposes.

ckadluba commented 9 months ago

Release 6.5.2 is now on nuget with a fix: https://www.nuget.org/packages/Serilog.Sinks.MSSqlServer/6.5.2