Upgrade packages that have a dependence to a vulnerable version of NewtonSoft.Json by Yannike · Pull Request #1517 · DotSpatial/DotSpatial · GitHub
Skip to content

Upgrade packages that have a dependence to a vulnerable version of NewtonSoft.Json#1517

Open
Yannike wants to merge 1 commit into
DotSpatial:masterfrom
Yannike:UpdateNewtonSoft
Open

Upgrade packages that have a dependence to a vulnerable version of NewtonSoft.Json#1517
Yannike wants to merge 1 commit into
DotSpatial:masterfrom
Yannike:UpdateNewtonSoft

Conversation

@Yannike

@Yannike Yannike commented Jul 17, 2023

Copy link
Copy Markdown

there is a issue in versions prior to 13.0.2 concerning default mx depth causing stack overflow exception and them a DOS.

JamesNK/Newtonsoft.Json#2457
JamesNK/Newtonsoft.Json#2462

Checklist

  • [x ] I have included examples or tests
  • [x ] I have updated the change log
  • [x ] I am listed in the CONTRIBUTORS file
  • [x ] I have cleaned up the commit history (use rebase and squash)

Changes proposed in this pull request:

  • Update packages that have a dependence to vulnerable version of Newtonsoft.Json

@jany-tenaj

Copy link
Copy Markdown
Contributor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants