Skip to content

Upgrade version of Microsoft.Azure.WebJobs.Extensions.Http to remove vulnerability #493

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 17, 2022
Merged

Upgrade version of Microsoft.Azure.WebJobs.Extensions.Http to remove vulnerability #493

merged 3 commits into from
Oct 17, 2022

Conversation

jackbatzner
Copy link
Contributor

There is a vulnerability in Microsoft.AspNetcore.Http in 2.1.0 that we need to upgrade

References:

@jackbatzner
Upgrade version of Microsoft.Azure.WebJobs.Extensions.Http to remove …
e37be6f 
…vulneratbility.

There is a vulnerability in Microsoft.AspNetcore.Http in 2.1.0 that we need to upgrade

References:
- GHSA-hxrm-9w7p-39cc
- dotnet/aspnetcore#24264
@jackbatzner
Copy link
Contributor Author

Hi @justinyoo - Please take a peek at this PR, there's a high vulnerability that should be resolved for consumers of this library.

@SeanC2222
Copy link

@justinyoo I will second the request on this item.

justinyoo
justinyoo requested changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@justinyoo justinyoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jackbatzner for this PR. I've left some comments for you to take a look.

@justinyoo justinyoo added enhancement New feature or request v1.5.0 labels Oct 17, 2022
@justinyoo justinyoo added this to the Release 202209 - v1.5.0 milestone Oct 17, 2022
justinyoo
justinyoo requested changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@justinyoo justinyoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's focus on the NuGet package update in this PR. Please remove the two other C# file updates from this PR and create a new one.

@jackbatzner jackbatzner requested a review from justinyoo October 17, 2022 13:48
justinyoo
justinyoo requested changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@justinyoo justinyoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for the PR

@justinyoo justinyoo merged commit 9232fa6 into Azure:main Oct 17, 2022
@SeanC2222
Copy link

Thanks to @jackbatzner for the fix, and @justinyoo for being responsive!

Derich367 pushed a commit to Derich367/azure-functions-openapi-extension that referenced this pull request Jan 30, 2023
@jackbatzner @Derich367
Upgrade version of Microsoft.Azure.WebJobs.Extensions.Http to remove …
d5b3dd0 
…vulnerability (Azure#493)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinyoo justinyoo justinyoo approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
Release 2022Q4 - v1.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@jackbatzner @SeanC2222 @justinyoo