Hi everyone,
We’ve just released NServiceBus.AzureFunctions.Worker.ServiceBus 4.2.3 and 3.1.2.
Fixed bugs
- #449 Remote Code Execution Vulnerability in dependency of NServiceBus.AzureFunctions.Worker.ServiceBus
How to know if you are affected
Anyone using the NServiceBus.AzureFunctions.Worker.ServiceBus package without explicitly updating transitive dependencies is affected.
Symptoms
A vulnerable release of Azure.Identity is included in the .azurefunctions subdirectory of the build output.
When to upgrade
You should upgrade during your next maintenance window. However, this update is not required if top-level dependency is taken on Microsoft.Azure.Functions.Worker.Extensions.ServiceBus version 5.15.0 or later.
Where to get it
You can install the new versions of NServiceBus.AzureFunctions.Worker.ServiceBus from NuGet.
With thanks,
The team in Particular
Please read our release policy for more details.