Skip to content

Commit 3fd5fa1

Browse files
Pin Microsoft.OpenApi to patched version (#104)
1 parent 88bbed3 commit 3fd5fa1

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

Directory.Packages.props

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,15 @@
11
<Project>
22
<PropertyGroup>
33
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
4+
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
45
<AspireVersion>13.1.2</AspireVersion>
56
</PropertyGroup>
67

78
<!-- ASP.NET Core Dependencies -->
89
<ItemGroup Label="ASP.NET Core">
910
<PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.7" />
11+
<!-- Pin to patched version to avoid CVE-2026-49451 (stack overflow on circular schema refs). -->
12+
<PackageVersion Include="Microsoft.OpenApi" Version="2.7.5" />
1013
<PackageVersion Include="Microsoft.Extensions.Http" Version="10.0.7" />
1114
</ItemGroup>
1215

0 commit comments

Comments
 (0)