WebSocket4Net icon indicating copy to clipboard operation
WebSocket4Net copied to clipboard
verified publisher icon kerryjiang

Security vulnerability requires upgrading System.Net.Security to 4.3.2 or later

Open murjev opened this issue 3 years ago • 3 comments

Current version uses System.Net.Security 4.3.0, through SuperSocket 2.0.0-beta8 which is vulnerable ref: https://github.com/aspnet/Announcements/issues/239

To address, update to using SuperSocket which uses System.Net.Security to 4.3.2 or newer.

murjev avatar Feb 11 '22 11:02 murjev

This 3rd party vulnerability continues to be highlighted on scans, could you set an ETA for it?

murjev avatar May 20 '22 09:05 murjev

@murjev I have also seen this on scans, particularly for iOS

SpencerBurgess avatar Jun 28 '22 16:06 SpencerBurgess

@murjev If you include 4.3.2 in your project it will resolve the dependency requirement and it won't install 4.3.0 to your App (So your app will be secure and your scan will be clean).

SpencerBurgess avatar Jun 28 '22 19:06 SpencerBurgess

Should not have this problem right now.

kerryjiang avatar Jun 01 '24 19:06 kerryjiang

Ok, I think it came from old websocket4net for .net framework.

kerryjiang avatar Jun 01 '24 19:06 kerryjiang

Won't fix it in old version. Please reference the newer version of System.Net.Security in your project by yourself.

kerryjiang avatar Jun 01 '24 19:06 kerryjiang