From fa16543ea95c1f172832df701f8f5b778576d2d9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Mar 2026 23:38:12 +0000 Subject: [PATCH 1/2] Document Newtonsoft.Json upgrade breaking change for Cosmos provider in EF Core 9.0 (fixes #4804) Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com> Agent-Logs-Url: https://github.com/dotnet/EntityFramework.Docs/sessions/2eb3a0b2-e99c-4d2f-944a-229c2e3eed0c --- .../ef-core-9.0/breaking-changes.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md index 862f0f5397..12cd57a4ed 100644 --- a/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md +++ b/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md @@ -348,6 +348,7 @@ Extensive work has gone into making the Azure Cosmos DB provider better in 9.0. | [Incorrectly translated queries are no longer translated](#cosmos-incorrect-translations) | Medium | | [`HasIndex` now throws instead of being ignored](#cosmos-hasindex-throws) | Low | | [`IncludeRootDiscriminatorInJsonId` was renamed to `HasRootDiscriminatorInJsonId` after 9.0.0-rc.2](#cosmos-IncludeRootDiscriminatorInJsonId-rename) | Low | +| [The referenced Newtonsoft.Json version was updated from 10.0.2 to 13.0.1](#cosmos-newtonsoft-json-version) | Low | ### High-impact changes @@ -688,3 +689,25 @@ Another related API was renamed to start with `Has` instead of `Include`, and so ##### Mitigations If your code is using the `IncludeRootDiscriminatorInJsonId` API, simply change it to reference `HasRootDiscriminatorInJsonId` instead. + + + +#### The referenced Newtonsoft.Json version was updated from 10.0.2 to 13.0.1 + +[Tracking Issue #34666](https://github.com/dotnet/efcore/pull/34666) + +##### Old behavior + +The Cosmos provider referenced Newtonsoft.Json version 10.0.2. + +##### New behavior + +Starting with EF Core 9.0, the Cosmos provider references Newtonsoft.Json version 13.0.1. + +##### Why + +The previously referenced version of Newtonsoft.Json has known vulnerabilities. The version was updated to avoid depending on a package version with known security issues. + +##### Mitigations + +The upgrade to Newtonsoft.Json 13.0.1 should not cause issues in most cases. If your application uses Newtonsoft.Json directly and relies on a specific older version, you can update your application to be compatible with Newtonsoft.Json 13.0.1 or later. See the [Newtonsoft.Json release notes](https://github.com/JamesNK/Newtonsoft.Json/releases) for details on changes between versions. From 66cf1dd94bb83897a451f687c878dbcc0ffb2fdd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 25 Mar 2026 00:20:34 +0000 Subject: [PATCH 2/2] Remove tracking issue link per reviewer feedback Co-authored-by: AndriySvyryd <6539701+AndriySvyryd@users.noreply.github.com> Agent-Logs-Url: https://github.com/dotnet/EntityFramework.Docs/sessions/1de6c4b3-c44e-4b17-974f-f4af5a0f9244 --- .../core/what-is-new/ef-core-9.0/breaking-changes.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md b/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md index 12cd57a4ed..ecd7089fe9 100644 --- a/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md +++ b/entity-framework/core/what-is-new/ef-core-9.0/breaking-changes.md @@ -694,8 +694,6 @@ If your code is using the `IncludeRootDiscriminatorInJsonId` API, simply change #### The referenced Newtonsoft.Json version was updated from 10.0.2 to 13.0.1 -[Tracking Issue #34666](https://github.com/dotnet/efcore/pull/34666) - ##### Old behavior The Cosmos provider referenced Newtonsoft.Json version 10.0.2.