Resource Exhaustion
#776
Replies: 3 comments
-
|
Hi, yeah I generally try to let the application using the library set the minimum versions by having the library just target the base major version but in this case since it is a security risk I think I will update it in release shortly. Thank you for asking! |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Thanks again, I just put out a release for this. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
That's great to hear! Thanks for the quick response and keep up the good work! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello!
Sorry, wasn't sure where to ask this, or should I ask this so feel free to remove if this is not a valid question or if it is the wrong place to ask.
This was introduced yesterday (9th January) : https://security.snyk.io/vuln/SNYK-DOTNET-MICROSOFTIDENTITYMODELJSONWEBTOKENS-6148656
If I am not mistaken, the latest version of Finbuckle.MultiTenant.AspNetCore (6.13.0. currently) is using Microsoft.AspNetCore.Authentication.OpenIdConnect version 8.0.0. which has the issue mentioned above and I believe was fixed in 8.0.1.
I'm sure you are aware of this already, but I just wanted to ask if there are plans for a new version of Finbuckle.MultiTenant.AspNetCore where this will also be fixed.
I'm new to this so feel free to correct me if I wrote anything wrong.
Thanks and have a great day!
Beta Was this translation helpful? Give feedback.
All reactions