We’ve just released NServiceBus 8.1.5 and 8.0.7.
- #6901 Add top-level reference to System.Security.Cryptography.Pkcs
This release ensures that users are not getting a transitive dependency to a vulnerable version of System.Security.Cryptography.Pkcs as detailed in CVE-2023-29331. You should upgrade immediately if your software has not already been upgraded to use version 7.0.2 or later of System.Security.Cryptography.Pkcs. Otherwise, you should upgrade during your next maintenance window.
You can install the new versions of NServiceBus from NuGet.
The team in Particular
Please read our release policy for more details.