HokiePokeDad
✅ .NET 8 CVE-2024-38167 and updating project references
following up... this is my mistake. we build our applications as self-contained on external build servers. these build servers have the vulnerable sdk and runtimes installed on them and therefore was packaging the wrong versions. updating them to 8.0.401 sdk and 8.0.8 runtime fixed our issues and are now using patched versions.
14 replies
✅ .NET 8 CVE-2024-38167 and updating project references
Yes, I get that much and the responsibility is on our end to ensure proper measure are taken to secure channels. The other part to this is the information disclosure: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38167
The patch for this is 8.0.8. In order for us to release new versions of our application, we have to remediate by upgrading to the latest version. Before I reach out to our security group about this, I was hoping to see if there was any other insight on if it's possible to update our references to 8.0.8?
14 replies