Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update minimum SqlClient versions to avoid vulnerability #149

Closed
madelson opened this issue Nov 9, 2022 · 2 comments
Closed

Update minimum SqlClient versions to avoid vulnerability #149

madelson opened this issue Nov 9, 2022 · 2 comments
Labels
enhancement
Milestone
2.3.3

Comments

@madelson
Copy link
Owner

madelson commented Nov 9, 2022

See GHSA-8g2p-5pqh-5jmc

Obviously app consumers can perform the update themselves since we just set a lower bound, but by updating we can be sure that we won't bring a bad version in transitively.
@jinghua395
Copy link

Hi,

I would like to upvote this issue.

As I have tried to run this lib in Linux, and it crashed my app, as the current version Microsoft.Data.SqlClient 2.2.0 is not compatible with Linux.

@madelson
Copy link
Owner Author

madelson commented Apr 21, 2023
edited
Loading

@jinghua395 thanks for the feedback. The library specifies a lower bound so you can install a higher version of Microsoft.Data.SqlClient in your app just by adding a package reference.

I wasn't aware that 2.2 didn't support Linux; do you know what version adds Linux support?

I'm reluctant to require version 5+ given this issue.

@madelson madelson added this to the 2.3.3 milestone Jul 17, 2023
@Bartleby2718 Bartleby2718 mentioned this issue Feb 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
2.3.3
Development

No branches or pull requests
2 participants
@madelson @jinghua395