[CSHARP-2478] Update dependency System.Net.Security to 4.3.2 Created: 11/Jan/19  Updated: 28/Oct/23  Resolved: 07/Feb/19

Status: Closed
Project: C# Driver
Component/s: Build
Affects Version/s: None
Fix Version/s: 2.8.0

Type: Improvement Priority: Minor - P4
Reporter: Ruslan Khasanbaev Assignee: Vincent Kam (Inactive)
Resolution: Fixed Votes: 22
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible

 Description   

Update dependency on System.Net.Security from 4.0.0  to 4.3.2
The reason is  System.Net.Security:4.0.0 is vulnerable to Authentication Bypass attacks.  

Looks like it's not break backward compatibility.

 



 Comments   
Comment by Githook User [ 07/Feb/19 ]

Author:

{'name': 'Ruslan Khasanbaev', 'email': 'flaksirus@gmail.com', 'username': 'flaksirus'}

Message: CSHARP-2478: Update dependency "System.Net.Security" to version 4.3.2
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/73f78af6a2fe11aab2c988e4d87ae0e9b0c1a071

Comment by Denis Babarykin [ 14/Jan/19 ]

I am interested in solving this issue too. It will be very good if you solve this problem very soon.

Comment by Ruslan Khasanbaev [ 11/Jan/19 ]

There is more vulnerabilities associated with this package:
Denial of Service (DoS)

Improper Certificate Validation

Privilege Escalation

Comment by Bekasov Denis [ 11/Jan/19 ]

It is a very important issue for me! Thank`s, Ruslan!

Comment by Ruslan Khasanbaev [ 11/Jan/19 ]

I've created pull request for this issue.

 

Generated at Wed Feb 07 21:42:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.