
SimpleIdServer.Scim.Domains has a dependency on a version of System.Text.Json with high severity vulnerabilities

Open RoystonS opened this issue 1 year ago • 1 comments

The latest release of SimpleIdServer.Scim.Domains - and the latest source code for the .csproj (https://github.com/simpleidserver/SimpleIdServer/blob/master/src/Scim/SimpleIdServer.Scim.Domains/SimpleIdServer.Scim.Domains.csproj#L9) references System.Text.Json v8.0.3, which has two high severity vulnerabilities: https://www.nuget.org/packages/System.Text.Json/8.0.3

  • https://github.com/advisories/GHSA-8g4q-xg66-9fp4
  • https://github.com/advisories/GHSA-hh2w-p6rv-4g7w

Both are fixed in System.Text.Json 8.0.5.

RoystonS, Feb 12 '25 15:02

Hello, and thank you for your feedback! :)

The NuGet package "System.Text.Json" has already been updated in the "release/5.0.3" branch.

https://github.com/simpleidserver/SimpleIdServer/blob/Release503/src/Scim/SimpleIdServer.Scim.Domains/SimpleIdServer.Scim.Domains.csproj

KR,

SID

simpleidserver, Feb 13 '25 13:02
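The condition reported in this issue can be checked mechanically. The following is an added example, not part of the thread or of the SimpleIdServer code base: a Python check that reads a .csproj and flags a direct System.Text.Json reference on the 8.0 line below the 8.0.5 release named above. The sample project file is constructed, the function names are the example's own, and treating every 8.0.x release below 8.0.5 as affected is an assumption.

```python
import xml.etree.ElementTree as ET

PACKAGE = "System.Text.Json"
FIXED = (8, 0, 5)  # per the issue: both advisories are fixed in 8.0.5

# Constructed sample modelled on the report; not the project's real .csproj.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="System.Text.Json" Version="8.0.3" />
  </ItemGroup>
</Project>"""

def local(tag):
    """Strip an XML namespace so old-style project files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """Return (major, minor, patch) for a plain pinned version, else None."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        return None  # floating (8.0.*), range ([8.0.3,9)), prerelease, $(Property)
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def audit_csproj(xml_text):
    """Return [(version_text, verdict)] for each direct System.Text.Json reference."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "PackageReference":
            continue
        if (el.get("Include") or "").lower() != PACKAGE.lower():
            continue  # NuGet package ids compare case-insensitively
        raw = el.get("Version")
        if raw is None:  # Version may be a child element, or absent entirely
            raw = next((c.text or "" for c in el if local(c.tag) == "Version"), "")
        ver = parse_version(raw)
        if ver is None:
            verdict = "unresolved"    # cannot be judged from this file alone
        elif ver[:2] != FIXED[:2]:
            verdict = "out-of-scope"  # assumption: only the 8.0 line is judged here
        else:
            verdict = "vulnerable" if ver < FIXED else "fixed"
        findings.append((raw, verdict))
    return findings

if __name__ == "__main__":
    for version, verdict in audit_csproj(SAMPLE_CSPROJ):
        print(f"{PACKAGE} {version or '(none)'}: {verdict}")
```

This looks only at direct references in a single project file; `dotnet list package --vulnerable --include-transitive` also reports packages pulled in transitively.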