snowflakedb / snowflake-connector-net

Snowflake Connector for .NET
Apache License 2.0
177 stars, 136 forks

SNOW-1463590: BouncyCastle.Cryptography Issue #962

Closed MichaelJames008 closed 2 months ago

MichaelJames008 commented 3 months ago

Hi Team,

This is not really a bug but just a request to update the connector's dependency on the BouncyCastle.Cryptography package. v2.2.1 is getting flagged as a security vulnerability in AKS; could you please update it to v2.3.1 or higher?

Please answer these questions before submitting your issue. In order to accurately debug the issue this information is required. Thanks!

  1. What version of .NET driver are you using? NET 8

  2. What operating system and processor architecture are you using? Windows and Unix

  3. What version of .NET framework are you using? (E.g. .net framework 4.5.2 or .net standard 2.0) NET 8

  4. What did you do? No error, just a package update needed.

  5. What did you expect to see? Need the dependency package updated to v2.3.1 or higher.

  6. Can you set logging to DEBUG and collect the logs? Not applicable (https://community.snowflake.com/s/article/How-to-generate-log-file-on-Snowflake-connectors)

  7. What is your Snowflake account identifier, if any? (Optional)

sfc-gh-dszmolka commented 3 months ago

Hi, and thanks for raising this with us! Just to double-check and be on the same page, is AKS flagging CVE-2024-30172 (https://github.com/advisories/GHSA-m44j-cfrm-g8qc), or is it some other vulnerability it detects?

MichaelJames008 commented 3 months ago

Hello, it is flagged as high severity for CVE-2024-29857 and CVE-2024-30172.

sfc-gh-dszmolka commented 3 months ago

Thank you for confirming; both seem to be classified as Moderate, but regardless, we'll take care of it. Thank you again for your report!

MichaelJames008 commented 3 months ago

Thanks much! Appreciate it.

sfc-gh-dszmolka commented 3 months ago

PR: https://github.com/snowflakedb/snowflake-connector-net/pull/964

sfc-gh-dszmolka commented 3 months ago

PR is merged and will be part of the next release, which is expected towards the second half of June 2024.

sfc-gh-dszmolka commented 3 months ago

Will update this thread once more information is known about the next upcoming major release of the .NET driver which will carry this fix.

Edit: confirming with the Product team; the release should be available by mid-July 2024.

sfc-gh-dszmolka commented 2 months ago

Fix released with Snowflake .NET driver version v4.0.0 in July 2024.
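The thread above is about a transitive dependency, so the practical question for anyone consuming the connector is whether their own build still resolves BouncyCastle.Cryptography below the 2.3.1 threshold the reporter asked for. The script below is an added example (not code from the snowflake-connector-net project or from anyone in the thread). It scans the `project.assets.json` that NuGet writes to `obj/` after `dotnet restore`, whose top-level `libraries` object is keyed `PackageId/Version`; the package name, the 2.3.1 threshold and the two CVE ids come from the thread, while the sample assets file and the Snowflake.Data version number in it are constructed for illustration.

```python
"""Flag a vulnerable BouncyCastle.Cryptography in a NuGet project.assets.json.

Added example, not part of the snowflake-connector-net project. Assumes the
standard project.assets.json layout NuGet writes to obj/ (a top-level
"libraries" object keyed "PackageId/Version" with a "type" field). The
threshold version and CVE ids are the ones named in the issue thread.
"""
import json
import re

VULN_PACKAGE = "BouncyCastle.Cryptography"
FIXED_VERSION = "2.3.1"  # minimum version requested in the issue
CVES = ("CVE-2024-29857", "CVE-2024-30172")


def parse_version(v):
    """Turn a NuGet version ('2.3.1', '2.3.1-beta.1') into a comparable tuple.

    Numeric segments are compared numerically (so 2.10.0 > 2.3.1) and padded
    to four parts (so 2.3 == 2.3.0.0). A pre-release tag sorts below the
    release it precedes, matching NuGet's ordering.
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(?:-(.+))?$", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    prerelease = m.group(2)
    return (tuple(nums), 0 if prerelease else 1, prerelease or "")


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when `version` is older than the first fixed version."""
    return parse_version(version) < parse_version(fixed)


def find_packages(assets):
    """Yield (package_id, version) for every NuGet package in the assets file.

    Project references also appear under "libraries" but with type "project";
    they are skipped because only packages come from the feed.
    """
    for key, lib in assets.get("libraries", {}).items():
        if lib.get("type") != "package":
            continue
        pkg_id, _, version = key.partition("/")
        yield pkg_id, version


def scan_assets(assets_json):
    """Return a finding for each BouncyCastle.Cryptography entry below the fix.

    Package ids are compared case-insensitively, as NuGet treats them.
    """
    assets = json.loads(assets_json)
    findings = []
    for pkg_id, version in find_packages(assets):
        if pkg_id.lower() == VULN_PACKAGE.lower() and is_vulnerable(version):
            findings.append({
                "package": pkg_id,
                "version": version,
                "fixed": FIXED_VERSION,
                "cves": list(CVES),
            })
    return findings


# Constructed sample assets file: an app that references the connector, which
# in turn pulls the flagged BouncyCastle.Cryptography 2.2.1. The Snowflake.Data
# version number here is illustrative, not taken from the thread.
SAMPLE_ASSETS = json.dumps({
    "version": 3,
    "libraries": {
        "MyApp/1.0.0": {"type": "project"},
        "Snowflake.Data/3.1.0": {"type": "package"},
        "BouncyCastle.Cryptography/2.2.1": {"type": "package"},
        "Newtonsoft.Json/13.0.3": {"type": "package"},
    },
})

if __name__ == "__main__":
    import sys
    # Pass a real obj/project.assets.json path to scan your own build;
    # with no argument the constructed sample is scanned.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ASSETS
    for f in scan_assets(data):
        print(f"{f['package']} {f['version']} < {f['fixed']}: {', '.join(f['cves'])}")
```

Run it against `obj/project.assets.json` after a restore; `dotnet list package --vulnerable --include-transitive` reports the same thing from the GitHub advisory database, but the script works offline and in a pipeline that only has the restore output. While waiting for a connector release that carries the bump, a consuming project can add a direct `PackageReference` to BouncyCastle.Cryptography at 2.3.1 or later; NuGet's nearest-wins resolution then lifts the transitive version above the flagged one.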