DotNet (Nuget) security updates available

Question

DotNet (Nuget) security updates available

PDunbarCGI opened this issue 10 months ago · comments

When scanning this application for vulnerabilities, I found that the following security updates are available for dependencies in smtp4dev.

DotNet (Nuget) Security Update for Newtonsoft.Json (GHSA-5crp-9r3c-p9vr)
DotNet (Nuget) Security Update for System.Net.Http (GHSA-7jgj-8wvc-jh57)
DotNet (Nuget) Security Update for System.Text.Encodings.Web (GHSA-ghhp-997w-qr28)
DotNet (Nuget) Security Update for Microsoft.AspNetCore.All (GHSA-6px8-22w5-w334)
DotNet (Nuget) Security Update for Microsoft.Build.NuGetSdkResolver (GHSA-6qmf-mmc7-6c2p)
DotNet (Nuget) Security Update for Microsoft.AspNet.Identity.Owin (GHSA-25c8-p796-jg6r)
DotNet (Nuget) Security Update for System.Text.RegularExpressions (GHSA-cmhx-cq75-c4mj)
DotNet (Nuget) Security Update for System.Linq.Dynamic.Core (GHSA-w65q-jcmv-28gj)

Rob Wood · Answer 1 · Sat Feb 24 2024 03:39:43 GMT+0800 (China Standard Time)

Thanks for reporting. The project uses dependabot to keep moving forwards with dependency versions, but unfortunately the CI build it's reliant on has stopped working. I will be looking into this.

Rob Wood · Answer 2 · Sat Feb 24 2024 17:28:39 GMT+0800 (China Standard Time)

This has been resolved.