System.Drawing.Common 4.7.0

oskarj · January 9, 2024, 11:07am

Hi!
We are using version 23.8.0 of GroupDocs.Assembly for dotnet (NuGet Gallery | GroupDocs.Assembly 23.8.0). That package reference System.Drawing.Common 4.7.0 which has a critical security vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2021-24112

How can we mitigate this ? Can you update your package with a newer version? Or can we reference a newer version to our project?

Best regards
Oskar

atir.tahir · January 9, 2024, 2:40pm

@oskarj
We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): ASSEMBLYNET-11

You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.

oskarj · January 16, 2024, 6:30am

Hi! Any updates regarding this? It must be in your best interest since it’s flagged as a criticial security vulnerability and might be an issue for all your customers running .NET on linux.

//Oskar

atir.tahir · January 16, 2024, 9:04am

@oskarj

This ticket is already under investigation. We’ll keep you posted in case of any update.

oskarj · May 10, 2024, 9:01am

Any updates on this? We are about to renew our license but as long as this is not fixed we will wait.

atir.tahir · May 10, 2024, 2:32pm

@oskarj

We are already investigating this issue. You’ll be notified about the outcomes ASAP.

atir.tahir · June 27, 2024, 7:26pm

@oskarj

This issue is now resolved in API version 24.6.