open-telemetry · alanwest · Jul 11, 2024 · Jul 9, 2024 · Jul 9, 2024 · Jul 9, 2024
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -54,11 +54,9 @@
     -->
     <PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
 
-    <!-- A conservative version of System.Text.Encodings.Web must be used here since there is no backward compatibility guarantee during major version bumps. -->
-    <PackageVersion Include="System.Text.Encodings.Web" Version="4.7.2" />
+    <PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />
 
-    <!-- A conservative version of System.Text.Json must be used here since there is no backward compatibility guarantee during major version bumps. -->
-    <PackageVersion Include="System.Text.Json" Version="4.7.2" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
 
     <!-- A conservative version of System.Threading.Tasks.Extensions must be used here since there is no backward compatibility guarantee during major version bumps. -->
     <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />

@@ -1,6 +1,6 @@
 <Project>
   <Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
   <ItemGroup>
-    <PackageVersion Update="System.Text.Json" Version="6.0.5" />
+    <PackageVersion Update="System.Text.Json" Version="8.0.4" />
   </ItemGroup>
 </Project>
diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 ## Unreleased
 
+* Bumped the minimum required version of `System.Text.Json` to 8.0.4  and its
+  indirect dependency on `System.Text.Encodings.Web`   to 8.0.0 in response to
+  [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
+  ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
+
 ## 1.9.0
 
 Released 2024-Jun-14

diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
@@ -6,6 +6,11 @@
   `Convert.ToString` will now format using `CultureInfo.InvariantCulture`.
   ([#5700](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5700))
 
+* Bumped the minimum required version of `System.Text.Json` to 8.0.4  and its
+  indirect dependency on `System.Text.Encodings.Web`   to 8.0.0 in response to
+  [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
+  ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
+
 ## 1.9.0
 
 Released 2024-Jun-14

@@ -1,7 +1,7 @@
 <Project>
   <Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
   <ItemGroup>
-    <PackageVersion Update="System.Text.Json" Version="7.0.1" />
+    <PackageVersion Update="System.Text.Json" Version="8.0.4" />
     <PackageVersion Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
     <PackageVersion Include="Microsoft.Coyote" Version="1.7.10" />
   </ItemGroup>