-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNOW-1463590: BouncyCastle.Cryptography Issue #962
Comments
hi and thanks for raising this with us ! just to double check and be on the same page, is AKS flagging CVE-2024-30172(GHSA-m44j-cfrm-g8qc) or is it some other vulnerability it detects ? |
Hello, it is flagged as high severity for CVE-2024-29857 and CVE-2024-30172. |
thank you for confirming - both seem to be classified as Moderate but regardless, we'll take care. Thank you again for your report ! |
Thanks much! appreciate it. |
PR: #964 |
PR is merged and will be part of the next release, which is expected towards second half of June 2024 |
Will update this thread once more information is known about the next upcoming major release of the .NET driver which will carry this fix. edit: confirming with Product team; release should be available by mid-July 2024 |
fix released with Snowflake .NET driver version v4.0.0 in July 2024 |
Hi Team,
This is not really a bug but just a request to update the connector dependency BouncyCastle.Cryptography package.
v2.2.1 is getting flag as security vulnerability in AKS, could you please update it to v2.3.1 or higher.
Please answer these questions before submitting your issue.
In order to accurately debug the issue this information is required. Thanks!
What version of .NET driver are you using? NET 8
What operating system and processor architecture are you using? Windows and Unix
What version of .NET framework are you using? NET 8
E.g. .net framework 4.5.2 or .net standard 2.0
What did you do?
no error just package update needed.
What did you expect to see?
Need the dependency package updated to v2.3.1 or higher.
Can you set logging to DEBUG and collect the logs?
https://community.snowflake.com/s/article/How-to-generate-log-file-on-Snowflake-connectors
not applicable
What is your Snowflake account identifier, if any? (Optional)
The text was updated successfully, but these errors were encountered: