Hi everyone,
We’ve just released NServiceBus 8.2.3 and 8.1.8.
Fixed bugs
- #7134 System.Formats.Asn1 vulnerability (CVE-2024-38095)
- #7133 System.Text.Json vulnerability (CVE-2024-30105)
How to know if you are affected
You are affected by #7134 if you are using NServiceBus 8.2.x or 8.1.x and you are not explicitly referencing System.Formats.Asn1 8.0.1 or later.
You are affected by #7133 if you are using NServiceBus 8.2.x or 8.1.x and you are not explicitly referencing System.Text.Json 8.0.4 or later.
Symptoms
For #7134, see the GHSA-hh2w-p6rv-4g7w security advisory.
For #7133, see the GHSA-447r-wph3-92pm security advisory.
When to upgrade
You should upgrade immediately if you are affected by the bug. Otherwise, you should upgrade during your next maintenance window.
Where to get it
You can install the new versions of NServiceBus from NuGet.
Please read our release policy for more details.
With thanks,
The team in Particular