
@am11
Member

@am11 am11 commented Oct 9, 2024

Fix:

```
$ ./build.sh
...
dotnet-install: To check the list of dependencies, go to https://learn.microsoft.com/dotnet/core/install, select your operating system and check the "Dependencies" section.
Restore complete (43.7s)
  diagnostics failed with 19 error(s) (86.1s)
    /foo77/diagnostics/src/Microsoft.Diagnostics.DebugServices.Implementation/Microsoft.Diagnostics.DebugServices.Implementation.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/SOS/SOS.Extensions/SOS.Extensions.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-symbol/dotnet-symbol.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 6.0.9 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-trace/dotnet-trace.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-counters/dotnet-counters.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-dsrouter/dotnet-dsrouter.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 6.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Microsoft.Diagnostics.Monitoring.EventPipe/Microsoft.Diagnostics.Monitoring.EventPipe.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
```

related PR dotnet/runtime#108704

@am11 am11 requested a review from a team as a code owner October 9, 2024 19:23
@am11 am11 mentioned this pull request Oct 9, 2024
@mikem8361 mikem8361 merged commit 83d13bc into dotnet:main Oct 9, 2024
@am11 am11 deleted the patch-4 branch October 9, 2024 20:44
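
Added example (not part of the PR or the dotnet/diagnostics code): a Python triage helper that parses NuGet audit lines like the NU1903 errors in the build output above, drops repeats, and groups the affected project files by the package version each one resolves. The sample log is constructed from the quoted output with shortened paths, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the build output quoted above (paths shortened,
# one finding repeated the way a build can report the same project twice).
SAMPLE_LOG = """\
Restore complete (43.7s)
  diagnostics failed with 19 error(s) (86.1s)
    /src/SOS/SOS.Extensions/SOS.Extensions.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /src/Tools/dotnet-symbol/dotnet-symbol.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 6.0.9 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /src/Tools/dotnet-trace/dotnet-trace.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /src/Tools/dotnet-trace/dotnet-trace.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /src/Tools/dotnet-dsrouter/dotnet-dsrouter.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 6.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
"""

# NU1901-NU1904 are NuGet's audit codes for low, moderate, high and critical.
AUDIT_LINE = re.compile(
    r"^\s*(?P<project>\S.*?\.\w+proj)\s*:\s*(?:error|warning)\s+"
    r"NU190[1-4]:\s*(?:Warning As Error:\s*)?"
    r"Package '(?P<package>[^']+)'\s+(?P<version>\S+)\s+has a known\s+"
    r"(?P<severity>low|moderate|high|critical) severity vulnerability,\s*"
    r"(?P<advisory>https://\S+)"
)

def parse_audit_findings(log_text):
    """Return unique (project, package, version, severity, advisory) tuples."""
    seen, findings = set(), []
    for line in log_text.splitlines():
        m = AUDIT_LINE.match(line)
        if not m:
            continue  # restore/summary lines and unrelated diagnostics
        key = (m["project"], m["package"], m["version"], m["severity"], m["advisory"])
        if key not in seen:
            seen.add(key)
            findings.append(key)
    return findings

def group_by_version(findings):
    """Map (package, version, advisory) -> sorted project file names."""
    grouped = defaultdict(list)
    for project, package, version, _severity, advisory in findings:
        grouped[(package, version, advisory)].append(project.rsplit("/", 1)[-1])
    return {key: sorted(names) for key, names in grouped.items()}

if __name__ == "__main__":
    for (pkg, ver, adv), names in group_by_version(parse_audit_findings(SAMPLE_LOG)).items():
        print(f"{pkg} {ver} ({adv}): {', '.join(names)}")
```

Grouping by resolved version shows that the projects do not all pull the same `System.Text.Json` version, so each distinct version needs its own check once a fix is applied.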
@calexander3

Hey everyone. Can you release this? CVE-2024-43485 is giving me some trouble and this would resolve it.

@mikem8361
Contributor

We will be doing another release in November.

@calexander3

OK. That is unfortunate news as I can't use these tools while there is a high CVE present.

@tomkerkhove
Member

+1 on being unfortunate. We'll need to pull it out of our image.

@mikem8361
Contributor

You can install the latest builds with this fix with this feed: https://dev.azure.com/dnceng/public/_artifacts/feed/dotnet-tools

For example:

```
dotnet tool install -g dotnet-sos --add-source https://dev.azure.com/dnceng/public/_artifacts/feed/dotnet-tools
```

@mikem8361
Contributor

This fix has officially been released now in 9.0.553101.

@github-actions github-actions bot locked and limited conversation to collaborators Dec 6, 2024