Hi everyone,
We’ve just released NServiceBus 7.8.1 and 7.7.5.
Fixed bugs
- #6626 System.Security.Cryptography.Xml vulnerability (CVE-2022-34716)
How to know if you are affected
You are affected if:
- You are using NServiceBus 7.7.x (7.7.4 or earlier) or 7.8.0 (other versions may be affected, but they are not supported)
- You do not explicitly reference
<PackageReference Include="System.Security.Cryptography.Xml" Version="4.7.1" />or later
Symptoms
For more information about the CVE-2022-34716 vulnerability consult the security advisory documentation.
When to upgrade
You should upgrade immediately if you are affected.
Where to get it
You can install the new versions of NServiceBus from NuGet.
With thanks,
The team in Particular
Please read our release policy for more details.