jborean93/PSWSMan

Update System.Drawing.Common package to version 4.7.2.

Closed this issue · 3 comments

I'm using this package and getting a failure from Twistlock for having the following CVE.
Looking deeper into the issue, it seems like it's a known issue with the System.Drawing.Common package on version 4.7.0, and that it is fixed in version 4.7.2, which is a dependency of this project.
Since I assume I'm not the only one who encountered the issue, will it be possible to raise the package version from your side to avoid the CVE?

I have no dependency on this package, and the published dlls don't have that assembly. Are you using PSWSMan from the psgallery or manually building this specific repo?

Hey @jborean93, we're installing from psgallery. In https://www.powershellgallery.com/packages/PSWSMan/2.3.1 under pwswsman/bin/PSWSMan.deps.json we see the System.Drawing.Common/4.7.0 target; it looks like it was bundled with this version when you published.


The package on the gallery is actually based on https://github.com/jborean93/omi; this repo is designed to be a replacement, but I haven't published it yet. The file you've shared is just a reference coming through from the System.Management.Automation dependency the binary has. It's not a hard version, and this is provided by PowerShell and has nothing to do with this module at all.
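
One way to check the distinction the last reply draws, as an added example that is not part of the thread or of PSWSMan: it lists the `deps.json` entries whose assemblies are not among the files the module actually ships. The sample `deps.json`, every version other than 4.7.0, the file listing and the function names are constructed for illustration.

```python
import json
from pathlib import PurePosixPath

# Constructed sample in the shape of a .NET *.deps.json file. Only
# System.Drawing.Common/4.7.0 comes from the thread; the other versions
# and the dependency edges are illustrative.
SAMPLE_DEPS = json.loads("""
{"targets": {".NETCoreApp,Version=v3.1": {
  "PSWSMan/1.0.0": {
    "dependencies": {"System.Management.Automation": "7.0.0"},
    "runtime": {"PSWSMan.dll": {}}},
  "System.Management.Automation/7.0.0": {
    "dependencies": {"System.Drawing.Common": "4.7.0"},
    "runtime": {"lib/netcoreapp3.1/System.Management.Automation.dll": {}}},
  "System.Drawing.Common/4.7.0": {
    "runtime": {"lib/netcoreapp3.0/System.Drawing.Common.dll": {}},
    "runtimeTargets": {
      "runtimes/win/lib/netcoreapp3.0/System.Drawing.Common.dll":
        {"rid": "win", "assetType": "runtime"}}}
}}}
""")

# Constructed listing of the files an installed module directory contains.
SAMPLE_FILES = ["PSWSMan.psd1", "bin/PSWSMan.dll", "bin/PSWSMan.deps.json"]


def _basename(path):
    return PurePosixPath(path.replace("\\", "/")).name.lower()


def triage(deps, shipped_files):
    """Per 'name/version' entry: assemblies it declares, and which are on disk."""
    shipped = {_basename(f) for f in shipped_files}
    report = {}
    for target in deps.get("targets", {}).values():
        for lib, entry in target.items():
            assets = list(entry.get("runtime", {})) + list(entry.get("runtimeTargets", {}))
            row = report.setdefault(lib, {"declared": set(), "on_disk": set()})
            row["declared"] |= {_basename(a) for a in assets}
            row["on_disk"] = row["declared"] & shipped
    return report


def reference_only(deps, shipped_files):
    """Entries that declare an assembly but ship none of them with the module."""
    return sorted(lib for lib, r in triage(deps, shipped_files).items()
                  if r["declared"] and not r["on_disk"])
```

An entry returned by `reference_only` is not loaded from the module's own files, so the version a scanner finding should be assessed against is the one provided by whatever hosts the module (PowerShell, per the reply above).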