Microsoft.Azure.Devices.Client v1.42.0 has indirect security vulnerabilies #3397
Comments
|
This has been fixed by removing some out-of-support .net targets from this project via #3400 |
timtay-microsoft
added
the
fix-checked-in
|
It looks like we also need to replace the Azure Storage SDK that we use in our file upload APIs to fully clear the current security issues here, so I'll un-mark this as "fix checked in" while we work on making that happen |
timtay-microsoft
removed
the
fix-checked-in
|
Addressed in 1.42.2 build |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I use Microsoft.Azure.Devices.Client Version 1.42.0 in an IoT Edge project, and it appears that this project has a (transitive) dependency on System..Net.Http v4.3 which would contain security vulnarabilities:
The text was updated successfully, but these errors were encountered: