Hi everyone,
We’ve just released NServiceBus.Transport.AzureServiceBus 6.2.2.
Fixed bugs
- #1369 Subscription name override not applied when using hierarchy namespaces
- #1375 Injection of Azure Service Bus Administration Port Fails when port has a trailing /
Fixed CVEs
- #1384 GitHub Security Advisory ID (GHSA-37gx-xxp4-5rgx)
- #1385 GitHub Security Advisory ID (GHSA-w3x6-4m5h-cxqf)
How to know if you are affected
You are affected by #1369 if you use hierarchical namespaces and subscription name overrides that omit the hierarchy in the queue names keys.
You are affected by #1375 if you use a connection string that ends in a / for the Azure Service Bus emulator.
You are affected by #1384 and #1385 if you are using previous versions of any of these components, but this doesn’t necessarily mean you are vulnerable.
Symptoms
For #1369, subscription name overrides are not applied when using hierarchical namespaces.
For #1375, injection of the Azure Service Bus Administration Port fails when attempting to replace the port with 5300.
For #1384 and #1385, for NuGet packages your projects have the setting NuGetAuditMode set to all and see transitive dependency warnings at build time that mention Particular packages.
When to upgrade
You should upgrade immediately if you are affected. Otherwise, you should upgrade during your next maintenance window.
Where to get it
You can install NServiceBus.Transport.AzureServiceBus 6.2.2 from NuGet.
Please read our release policy for more details.
With thanks,
The team in Particular