Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: CG Alert: Upgrade System.IdentityModel.Tokens.Jwt to latest version on Microsoft.Azure.WebJobs.Extensions.SignalRService namespace #44015

Open
srini3793 opened this issue May 14, 2024 · 1 comment
Open

[BUG]: CG Alert: Upgrade System.IdentityModel.Tokens.Jwt to latest version on Microsoft.Azure.WebJobs.Extensions.SignalRService namespace #44015

srini3793 opened this issue May 14, 2024 · 1 comment
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention This issue is responsible by Azure service team. SignalR

Comments

@srini3793
Copy link

Library name and version

Microsoft.Azure.WebJobs.Extensions.SignalRService 1.13.0

Describe the bug

I've received cg alert on following package reference coming through latest version of Microsoft.Azure.WebJobs.Extensions.SignalRService
Upgrade System.IdentityModel.Tokens.Jwt from 6.5.0 to 6.34.0 to fix the vulnerability.

Kindly upgrade the dependecy to latest version and release the newer version for downstream consumption

Expected behavior

Security vulnerability fix by upgrading mentioning package

Actual behavior

Older version of System.IdentityModel.Tokens.Jwt is used which seems to be flagged with security issue

Reproduction Steps

Check the dependent packages versions

Environment

No response
@github-actions github-actions bot added Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention This issue is responsible by Azure service team. SignalR labels May 14, 2024
@github-actions GitHub Actions
Copy link

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @chenkennt @sffamily @Y-Sindo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention This issue is responsible by Azure service team. SignalR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@srini3793