[Security] Security Advisory CVE-2023-29331 // dotnet v7.0.304 (#3358)

* Fix security alerts. * Upgrade dotnet to v7.0.304. * Removing empty spaces. Adding reference to System.Security.Cryptography.Pkcs. * Chaging dependency in FHIR.Cosmos
microsoft · Jun 16, 2023 · 9fbfeb6 · 9fbfeb6
1 parent d6ef034
commit 9fbfeb6
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 4 deletions.
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -110,6 +110,7 @@
     <PackageVersion Include="System.Net.Http" Version="4.3.4" />
     <PackageVersion Include="System.Private.ServiceModel" Version="4.10.2" />
     <PackageVersion Include="System.Security.Cryptography.Xml" Version="7.0.1" />
+    <PackageVersion Include="System.Security.Cryptography.Pkcs" Version="7.0.2" />
     <PackageVersion Include="System.Text.Encodings.Web" Version="7.0.0" />
     <PackageVersion Include="xunit.extensibility.core" Version="2.4.2" />
     <PackageVersion Include="xunit.runner.visualstudio" Version="2.4.5" />

diff --git a/build/docker/Dockerfile b/build/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:7.0.203-alpine3.17 AS build
+FROM mcr.microsoft.com/dotnet/sdk:7.0.304-alpine3.17 AS build
 
 ARG FHIR_VERSION
 ARG ASSEMBLY_VER
@@ -68,7 +68,7 @@ COPY . .
 
 RUN dotnet publish /repo/src/Microsoft.Health.Fhir.${FHIR_VERSION}.Web/Microsoft.Health.Fhir.${FHIR_VERSION}.Web.csproj -c Release -o "/build" --no-restore -p:AssemblyVersion="${ASSEMBLY_VER}" -p:FileVersion="${ASSEMBLY_VER}"  -p:Version="${ASSEMBLY_VER}" -f net7.0
 
-FROM mcr.microsoft.com/dotnet/aspnet:7.0.5-alpine3.17 AS runtime
+FROM mcr.microsoft.com/dotnet/aspnet:7.0.7-alpine3.17 AS runtime
 
 ARG FHIR_VERSION
 

diff --git a/build/dotnet6-compat/global.json b/build/dotnet6-compat/global.json
@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "6.0.408"
+        "version": "6.0.410"
     }
 }
diff --git a/global.json b/global.json
@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "7.0.203"
+        "version": "7.0.304"
     }
 }
diff --git a/src/Microsoft.Health.Fhir.CosmosDb/Microsoft.Health.Fhir.CosmosDb.csproj b/src/Microsoft.Health.Fhir.CosmosDb/Microsoft.Health.Fhir.CosmosDb.csproj
@@ -23,6 +23,7 @@
     <PackageReference Include="System.Security.Cryptography.Xml">
       <PrivateAssets>All</PrivateAssets>
     </PackageReference>
+    <PackageReference Include="System.Security.Cryptography.Pkcs" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.Health.Fhir.Api\Microsoft.Health.Fhir.Api.csproj" />