Hi everyone,
We’ve just released NServiceBus 8.1.5 and 8.0.7.
Fixed bugs
- #6901 Add top-level reference to System.Security.Cryptography.Pkcs
When to upgrade
This release ensures that users are not getting a transitive dependency to a vulnerable version of System.Security.Cryptography.Pkcs as detailed in CVE-2023-29331. You should upgrade immediately if your software has not already been upgraded to use version 7.0.2 or later of System.Security.Cryptography.Pkcs. Otherwise, you should upgrade during your next maintenance window.
Where to get it
You can install the new versions of NServiceBus from NuGet.
With thanks,
The team in Particular
Please read our release policy for more details.