Resolve CVE-2021-43877 #50723
Merged
Resolve CVE-2021-43877 #50723
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
the
area-infrastructure
|
Hey @dotnet/aspnet-build, looks like this PR is something you want to take a look at. |
mthalman
approved these changes
Sep 15, 2023
Tratcher
approved these changes
Sep 15, 2023
mmitche
approved these changes
Sep 15, 2023
SteveSandersonMS
pushed a commit
that referenced
this pull request
Sep 20, 2023
* Revert "Remove hardcoded System.Security.Cryptography.Xml version (#48029)" (#50723) This reverts commit 42d14c4. * [Blazor] Prerendered state (#50742) [Blazor] Adds support for persting prerendered state on Blazor Web applications. * Persists state both for server and webassembly as necessary. * Initializes the state when a given interactive runtime is initialized and renders the first set of components. * On WebAssembly, this is the first time the app starts. * On Server this happens every time a circuit starts. * The state is available during the first render, until the components reach quiescence. The approach we follow is different for server and webassembly: * On Server, we support initializing the circuit with an empty set of descriptors and in that case, we delay initialization until the first `UpdateRootComponents` call is issued. * This is because it's hard to deal with the security constraints imposed by starting a new circuit multiple times, and its easier to handle them within UpdateRootComponents. We might switch this approach in the future to go through `StartCircuit` too. * On WebAssembly, we query for the initial set of webassembly components when we are starting the runtime in a Blazor Web Scenario. * We do this because Blazor WebAssembly offers a programatic API to render root components at a given location defined by their selectors, so we need to make sure that those components can receive state at the same time the initial set of WebAssembly components added to the page. There are a set of tests validating different behaviors with regards to enhanced navigation and streaming rendering, as well as making sure that auto mode can access the state on Server and WebAssembly, and that Server gets new state every time a circuit is opened. * Make IEmailSender more customizable (#50301) * Make IEmailSender more customizable * Remove unnecessary metadata * Add TUser parameter * React to API review feedback * Fix IdentitySample.DefaultUI * Update branding to RTM (#50799) --------- Co-authored-by: Igor Velikorossov <[email protected]> Co-authored-by: Javier Calvarro Nelson <[email protected]> Co-authored-by: Stephen Halter <[email protected]> Co-authored-by: William Godbe <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As per https://github.com/dotnet/aspnetcore-internal/issues/4372#issuecomment-1719506100
Revert "Remove hardcoded System.Security.Cryptography.Xml version (#48029)"
This reverts commit 42d14c4.