Bot Builder 4.22.9 has vulnerable package Azure.Identity 1.3.0 #6862

Open
xzf0587 opened this issue Oct 23, 2024 · 4 comments
Labels
bug Indicates an unexpected problem or an unintended behavior.

Comments

xzf0587 commented Oct 23, 2024

Version

DotNet Bot Builder 4.22.9

Describe the bug

vulnerable package Azure.Identity 1.3.0

To Reproduce

The NuGet Manager will show the vulnerable package.

xzf0587 added the bug and needs-triage labels Oct 23, 2024

xzf0587 commented Oct 28, 2024

Is there any update for this issue?

tracyboehrer removed the needs-triage label Nov 1, 2024

JhontSouth (Collaborator) commented

Hi @xzf0587, @tracyboehrer,
This package is no longer used in the project. It was removed after the update of the package Microsoft.Identity.Web.Certificateless from 1.26.0 to 3.30. This vulnerability will be fixed in the next release.

xzf0587 commented Nov 6, 2024

Hi @JhontSouth,
Thanks for the reply. I am happy to know the fix plan.
What is the next release time?

JhontSouth (Collaborator) commented

Hi @xzf0587,
Maybe @tracyboehrer can help us with that information.
