NServiceBus 8.2.3 and 8.1.8 – Patch releases available

Hi everyone,

We’ve just released NServiceBus 8.2.3 and 8.1.8.

Fixed bugs

  • #7134 System.Formats.Asn1 vulnerability (CVE-2024-38095)
  • #7133 System.Text.Json vulnerability (CVE-2024-30105)

How to know if you are affected

You are affected by #7134 if you are using NServiceBus 8.2.x or 8.1.x and you are not explicitly referencing System.Formats.Asn1 8.0.1 or later.

You are affected by #7133 if you are using NServiceBus 8.2.x or 8.1.x and you are not explicitly referencing System.Text.Json 8.0.4 or later.

Symptoms

For #7134, see the GHSA-hh2w-p6rv-4g7w security advisory.

For #7133, see the GHSA-447r-wph3-92pm security advisory.

When to upgrade

You should upgrade immediately if you are affected by the bug. Otherwise, you should upgrade during your next maintenance window.

Where to get it

You can install the new versions of NServiceBus from NuGet.

Please read our release policy for more details.

With thanks,
The team in Particular