Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Update System.Net.Http from System.Net.Http@4.3.0 to 4.3.2 to avoid DoS, SFB, PE and Spoofing issues.
See original GitHub issueDescription
Update the System.Net.Http from version 4.3.0 to 4.3.2 to avoid Security Feature Bypass, Denial of Service, Elevation of Privilege and Spoofing issues introduced with the prior version. Check https://github.com/aspnet/Announcements/issues/239 and https://app.snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60045.
I recently saw this issue using the snyk application on my Github account.
Example:
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (4 by maintainers)
Top Results From Across the Web
Update System.Net.Http from System.Net.Http@4.3.0 ...
2 to avoid Security Feature Bypass , Denial of Service , Elevation of Privilege and Spoofing issues introduced with the prior version.
Read more >Found conflicts between System.Net.Http
Update 19Mar2022: the latest NuGet package Version 4.3.4 has assembly version 4.1.1.3, assembly version 4.2.0.0 still is not directly installed.
Read more >System.Net.Http 4.3.2
This package has at least one vulnerability with high severity. It may lead to specific problems in your project. Try updating the package ......
Read more >System.Net.Http is driving me insane. : r/csharp
1, I've had a torrent of issues with System.Net.Http .dll references on our build server. I've kind of lost track of the solutions...
Read more >How System.Net.Http 4.3.0 Ruined Everyone's Day - tsJensen
I have not updated the MessageWire library for about a year now. But it still works just fine. Mostly. New Year's resolution #1:...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
We do have plans to move the TP to target netstandard 2.0 soon which should address this.
System.Net.Http is not used in any of the TestPlatform flows and hence we won’t be taking up the changes recommended for transitive dependency.