Skip to content

Commit f09486c

Browse files
bgavrilMSbgavrilMS
authored
Bump DataProtection to 10.0.7 for CVE (#3796)
1 parent 35935e9 commit f09486c

2 files changed

Lines changed: 4 additions & 3 deletions

File tree

Directory.Build.props

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -119,13 +119,13 @@
119119
<PropertyGroup Condition="'$(TargetFramework)' == 'net10.0'">
120120
<NetTenRuntimeVersion>10.0.0</NetTenRuntimeVersion>
121121
<AspNetCoreTenRuntimeVersion>10.0.0</AspNetCoreTenRuntimeVersion>
122-
<!--CVE: GHSA-37gx-xxp4-5rgx, GHSA-w3x6-4m5h-cxqf-->
123-
<SystemSecurityCryptographyServicingVersion>10.0.6</SystemSecurityCryptographyServicingVersion>
122+
<!--CVE: GHSA-37gx-xxp4-5rgx, GHSA-w3x6-4m5h-cxqf, DataProtection requires 10.0.7 min instead of 10.0.6-->
123+
<SystemSecurityCryptographyServicingVersion>10.0.7</SystemSecurityCryptographyServicingVersion>
124124
<MicrosoftAspNetCoreAuthenticationJwtBearerVersion>$(AspNetCoreTenRuntimeVersion)</MicrosoftAspNetCoreAuthenticationJwtBearerVersion>
125125
<MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>$(AspNetCoreTenRuntimeVersion)</MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>
126126
<MicrosoftExtensionsCachingMemoryVersion>$(NetTenRuntimeVersion)</MicrosoftExtensionsCachingMemoryVersion>
127127
<MicrosoftExtensionsHostingVersion>$(NetTenRuntimeVersion)</MicrosoftExtensionsHostingVersion>
128-
<MicrosoftAspNetCoreDataProtectionVersion>$(AspNetCoreTenRuntimeVersion)</MicrosoftAspNetCoreDataProtectionVersion>
128+
<MicrosoftAspNetCoreDataProtectionVersion>10.0.7</MicrosoftAspNetCoreDataProtectionVersion>
129129
<SystemSecurityCryptographyPkcsVersion>$(SystemSecurityCryptographyServicingVersion)</SystemSecurityCryptographyPkcsVersion>
130130
<SystemSecurityCryptographyXmlVersion>$(SystemSecurityCryptographyServicingVersion)</SystemSecurityCryptographyXmlVersion>
131131
<MicrosoftExtensionsLoggingVersion>$(NetTenRuntimeVersion)</MicrosoftExtensionsLoggingVersion>

Microsoft.Identity.Web.sln

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -186,6 +186,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{FF3B93A1
186186
build\build.md = build\build.md
187187
build\CodeCoverage.runsettings = build\CodeCoverage.runsettings
188188
build\credscan-exclusion.json = build\credscan-exclusion.json
189+
Directory.Build.props = Directory.Build.props
189190
build\GenerateDocFx.ps1 = build\GenerateDocFx.ps1
190191
build\Microsoft.Identity.Web-Source-Assemblies.dgml = build\Microsoft.Identity.Web-Source-Assemblies.dgml
191192
build\MSAL.snk = build\MSAL.snk

0 commit comments

Comments
 (0)