We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi Anders,
Over the weekend my builds have started to fail due to a vulnerability in a transitive dependency in ITfoxtec.Identity.Saml2.
The dependency chain is: ITfoxtec.Identity.Saml2 -> System.Security.Cryptography.Xml (8.0.1) -> System.Security.Cryptography.Pkcs (8.0.0) -> System.Formats.Asn1 (8.0.0)
The CVE can be seen here: link to CVE
I noticed that version 8.0.2 of System.Security.Cryptography.Xml has updated the dependency of System.Formats.Asn1 to the patched version 8.0.1.
8.0.2
System.Formats.Asn1
8.0.1
Would it be possible to update ITfoxtec.Identity.Saml2 to use System.Security.Cryptography.Xml 8.0.2 to fix this security issue?
Thanks in advance for your great work on the project!
The text was updated successfully, but these errors were encountered:
Thank you, released in https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/releases/tag/4.13.3
Sorry, something went wrong.
No branches or pull requests
Hi Anders,
Over the weekend my builds have started to fail due to a vulnerability in a transitive dependency in ITfoxtec.Identity.Saml2.
The dependency chain is:
ITfoxtec.Identity.Saml2 -> System.Security.Cryptography.Xml (8.0.1) -> System.Security.Cryptography.Pkcs (8.0.0) -> System.Formats.Asn1 (8.0.0)
The CVE can be seen here: link to CVE
I noticed that version
8.0.2
of System.Security.Cryptography.Xml has updated the dependency ofSystem.Formats.Asn1
to the patched version8.0.1
.Would it be possible to update ITfoxtec.Identity.Saml2 to use System.Security.Cryptography.Xml 8.0.2 to fix this security issue?
Thanks in advance for your great work on the project!
The text was updated successfully, but these errors were encountered: