dotnetjunkie
commented
3 months ago Can you tell me more about those security vulnerabilities?
Closed Ganesh-Ponipireddy closed 2 months ago
dotnetjunkie
commented
3 months ago Can you tell me more about those security vulnerabilities?
dotnetjunkie
commented
3 months ago btw, is your question in any way related to this old discussion?
Ganesh-Ponipireddy
commented
3 months ago No, my question is about the security VULNERABILITY that is found in SimpleInjector.Integration.AspNetCore.Mvc@5.4.0.
Are there any plans to upgrade the packages in the Aspnetcore repo?
We found that few more packages need to be upgraded ex: newtonsoft, system.net.http, System.Security.Cryptography.Xml, and ... etc and also support for dotnet8 (currently, netstandard, net6.0, net7.0 are supported).
dotnetjunkie
commented
3 months ago Can you enlighten me and explain what is keeping you from upgrading those vulnerable packages (as the problem is is not in the Simple Injector packages itself). Why won't upgrading those dependencies fix the problem for you?
Ganesh-Ponipireddy
commented
3 months ago While building the application locally, I get the exception SimpleInjector.snk -- file was not found.
Ganesh-Ponipireddy
commented
3 months ago While building the application locally, I get the exception
SimpleInjector.snk -- file was not found.
This file can be created with the help of below cmds in local https://learn.microsoft.com/en-us/biztalk/core/how-to-configure-a-strong-name-assembly-key-file
Ganesh-Ponipireddy
commented
3 months ago @dotnetjunkie can you please give me the permissions to create a branch in Aspnetcore repo to raise the PR for dotnet 8 support?
dotnetjunkie
commented
3 months ago From the screenshot, I noticed you are still using SimpleInjector.Integration.AspNetCore.Mvc version 5.4.0. Have you tried upgrading to the latest version (v5.5.0) and run your security analysis again?
dotnetjunkie
commented
3 months ago can you please give me the permissions to create a branch in Aspnetcore repo to raise the PR for dotnet 8 support?
Feel free to fork and create a PR for this repo if this helps demonstrates the problem and how to fix it. But please upgrade to the latest releases and test again before you invest your time in an issue that might have already been solved.
And much rather than you sending me a PR is educating me on the issue, because I won't integrate a PR for a fix that I don't fully understand.
We have upgraded our application to dotnet 8 and while doing security scan checks, we found few security vulnerable's. Are there any plans for upgrading the SimpleInjector to dotnet 8 support?