IKVM
System.Text.Json vulnerability #593
martin-honnen
started this conversation in
General
Replies: 1 comment
-
|
NuGet unifies to the highest dependent package version. So just install the later one? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
GHSA-hh2w-p6rv-4g7w gives a vulnerability for System.Text.Json 8.0.0 as used in IKVM 8.10.1 via https://www.nuget.org/packages/Microsoft.Extensions.DependencyModel/8.0.0.
It seems a fix with System.Text.Json 8.0.4 is in the 8.0.1 version of https://www.nuget.org/packages/Microsoft.Extensions.DependencyModel.
Is there any way for a user of IKVM to use the current IKVM version and ensure it uses the 8.0.1 fix?
Or does that require a new IKVM release?
Beta Was this translation helpful? Give feedback.
All reactions