Update System.IdentityModel.Tokens.Jwt dependency to fix security vulnerabilities #739

Closed
MartinGreen opened this issue Mar 13, 2024 · 2 comments · Fixed by #744
Labels
type: security known security issue

Comments

@MartinGreen

Issue Summary

The library is currently referencing vulnerable versions of the System.IdentityModel.Tokens.Jwt library.

Warnings are shown in the package management system in Visual Studio and point to the following links:

  • GHSA-8g9c-28fc-mcx2
  • GHSA-59j7-ghrg-fj52

It should be updated to use the latest versions of the jwt libraries which include fixes for these issues. Currently using 6.15, fixed is >=6.34.

Steps to Reproduce

  1. Install the Twilio package through NuGet
  2. See the warnings in VS

Technical details:

  • twilio-csharp version: 7.0.1
  • csharp version: net8
@MartinGreen MartinGreen changed the title Update System.IdentityModel.Tokens.Jwt dependancy to fix security vulnerabilities Update System.IdentityModel.Tokens.Jwt dependency to fix security vulnerabilities Mar 13, 2024
@sbansla sbansla added the type: security known security issue label Apr 1, 2024
@jonreis

jonreis commented May 2, 2024

I'm having the same issue. Our build process prevents a release if nuget packages with security vulnerabilities are detected. Any updates on a fix?

@tiwarishubham635
Contributor

@MartinGreen @jonreis please check #744
