Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update System.Data.SqlClient dependency to version 4.8.5 #2061

Closed
Rockvolleyball opened this issue Nov 17, 2022 · 4 comments · Fixed by #2064
Closed

Update System.Data.SqlClient dependency to version 4.8.5 #2061

Rockvolleyball opened this issue Nov 17, 2022 · 4 comments · Fixed by #2064
Assignees
@ajcvickers
Milestone
6.5

Comments

@Rockvolleyball
Copy link

Rockvolleyball commented Nov 17, 2022
edited
Loading

November 8th a vulnerability was reported to System.Data.SqlClient versions <=4.8.4 which is fixed in 4.8.5 (GHSA-8g2p-5pqh-5jmc).

We are using the latest EF6 (6.4.4) and we found that the it contains System.Data.SqlClient 4.8.1. No update available within the NuGet packages.

Is there a reason why this is not updated? Is EF6 not affected because of some other protections are in place? Or will there be an update soon to replace the System.Data.SqlClient?

Thanks!
@Rockvolleyball Rockvolleyball changed the title Does EF6 need to be updated with System.Data.SqlClient? Does EF6 need to update System.Data.SqlClient to version 4.8.5? Nov 17, 2022
@ErikEJ
Copy link
Contributor

ErikEJ commented Nov 17, 2022

You can just add an explicit reference to 4.8.5

@Rockvolleyball
Copy link
Author

OK, why not update EF6 which is still in support so that everybody will get the updated version?

@ErikEJ
Copy link
Contributor

ErikEJ commented Nov 17, 2022

Maybe it will as part of #823 which is planned for this year @ajcvickers ?

@ajcvickers ajcvickers changed the title Does EF6 need to update System.Data.SqlClient to version 4.8.5? Update System.Data.SqlClient dependency to version 4.8.5 Nov 17, 2022
@ajcvickers ajcvickers self-assigned this Nov 17, 2022
@ajcvickers ajcvickers added this to the 6.5 milestone Nov 17, 2022
ErikEJ added a commit to ErikEJ/EntityFramework6PowerTools that referenced this issue Nov 26, 2022
@ErikEJ
Update to S.D.S 4.8.5
663fc9d 
fixes dotnet#2061
@ErikEJ ErikEJ mentioned this issue Nov 26, 2022
Merged
ajcvickers pushed a commit that referenced this issue Dec 6, 2022
@ErikEJ @ajcvickers
Update to S.D.S 4.8.5
78a5a1b 
fixes #2061
@Rockvolleyball
Copy link
Author

Thanks for all the work!

@ErikEJ ErikEJ mentioned this issue Dec 14, 2022
Closed
@wolfkor wolfkor mentioned this issue Dec 14, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ajcvickers ajcvickers

Labels
None yet
Projects
None yet
Milestone
6.5
Development

Successfully merging a pull request may close this issue.

Update to S.D.S 4.8.5 ErikEJ/EntityFramework6PowerTools
3 participants
@ajcvickers @ErikEJ @Rockvolleyball