Microsoft.Azure.Devices.Client v1.42.0 has indirect security vulnerabilies

Question

Microsoft.Azure.Devices.Client v1.42.0 has indirect security vulnerabilies

fgheysels opened this issue a year ago · 3 comments

I use Microsoft.Azure.Devices.Client Version 1.42.0 in an IoT Edge project, and it appears that this project has a (transitive) dependency on System..Net.Http v4.3 which would contain security vulnarabilities:

Answer 1 · 2023-12-01T22:38:58.000Z

This has been fixed by removing some out-of-support .net targets from this project via #3400

Answer 2 · 2023-12-13T23:30:35.000Z

It looks like we also need to replace the Azure Storage SDK that we use in our file upload APIs to fully clear the current security issues here, so I'll un-mark this as "fix checked in" while we work on making that happen

Answer 3 · 2023-12-21T19:55:05.000Z

Addressed in 1.42.2 build