Skip to content

Commit

Permalink
Bump System.Text.Json version due to [CVE-2024-30105](dotnet/runtime#…
Browse files Browse the repository at this point in the history
  • Loading branch information
rajkumar-rangaraj committed Jul 9, 2024
1 parent 46265e3 commit ebd15f6
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 4 deletions.
4 changes: 2 additions & 2 deletions Directory.Packages.props
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,10 @@
<PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />

<!-- A conservative version of System.Text.Encodings.Web must be used here since there is no backward compatibility guarantee during major version bumps. -->
<PackageVersion Include="System.Text.Encodings.Web" Version="4.7.2" />
<PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />

<!-- A conservative version of System.Text.Json must be used here since there is no backward compatibility guarantee during major version bumps. -->
<PackageVersion Include="System.Text.Json" Version="4.7.2" />
<PackageVersion Include="System.Text.Json" Version="8.0.4" />

<!-- A conservative version of System.Threading.Tasks.Extensions must be used here since there is no backward compatibility guarantee during major version bumps. -->
<PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
Expand Down
2 changes: 1 addition & 1 deletion examples/Directory.Packages.props
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<Project>
<Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
<ItemGroup>
<PackageVersion Update="System.Text.Json" Version="6.0.5" />
<PackageVersion Update="System.Text.Json" Version="8.0.4" />
</ItemGroup>
</Project>
5 changes: 5 additions & 0 deletions src/OpenTelemetry.Exporter.Console/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,11 @@

## Unreleased

* Bumped the minimum required version of `System.Text.Json` to 8.0.4 and its
indirect dependency on `System.Text.Encodings.Web` to 8.0.0 in response to
[CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
([#](https://github.com/open-telemetry/opentelemetry-dotnet/pull/))

## 1.9.0

Released 2024-Jun-14
Expand Down
4 changes: 4 additions & 0 deletions src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@
`Convert.ToString` will now format using `CultureInfo.InvariantCulture`.
([#5700](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5700))

* Bumped the minimum required version of `System.Text.Json` to 8.0.4 in response
to [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
([#](https://github.com/open-telemetry/opentelemetry-dotnet/pull/))

## 1.9.0

Released 2024-Jun-14
Expand Down
2 changes: 1 addition & 1 deletion test/Directory.Packages.props
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<Project>
<Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
<ItemGroup>
<PackageVersion Update="System.Text.Json" Version="7.0.1" />
<PackageVersion Update="System.Text.Json" Version="8.0.4" />
<PackageVersion Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
<PackageVersion Include="Microsoft.Coyote" Version="1.7.10" />
</ItemGroup>
Expand Down

0 comments on commit ebd15f6

Please sign in to comment.