  1. Couchbase .NET client library
  2. NCBC-3028

Upgrade App.Metrics to mitigate security scan warnings


Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 3.3.2
    • None
    • None
    • None
    • 1

    Description

      https://forums.couchbase.com/t/compromised-3rd-party-libraries/32278

      I think the security scanning tool you're using to find that dependency may either be flawed or misconfigured. There is actually no combination of target frameworks for the Couchbase SDK that would ever bring in that dependency. The NETStandard.Library 1.6.1 dependency is overridden by NETStandard.Library 2.0.3 dependencies closer to the bottom of the dependency tree.

      That said, this may be mitigated by an upgrade to App.Metrics 4.3.0, which offers a specific netstandard2.0 dependency list. Depends, again, on how your security scanning tool is looking at it.


          People

            jmorris Jeff Morris
            btburnett3 Brant Burnett