.net core CVE-2017-0249特权问题的提升
我们使用VS2015在asp.net core 1.1版本上开发了我们的应用程序.net core CVE-2017-0249特权问题的提升,.net-core,asp.net-core-mvc,.net Core,Asp.net Core Mvc,我们使用VS2015在asp.net core 1.1版本上开发了我们的应用程序 We are facing Elevation of Privilege issue for `System.Net.Security` 4.3.0 in my application while deploying build using Jenkins. So I have created a direct dependency for `System.Net.Security` by changing its
We are facing Elevation of Privilege issue for `System.Net.Security` 4.3.0 in my application while deploying build using Jenkins. So I have created a direct dependency for `System.Net.Security` by changing its version to 4.3.1 from 4.3.0 in `project.json` file as below,
But I am still facing Elevation of Privilege issue with new warning messages for runtime/win/unix
paths of System.Net.Security.
What I see is in project.lock.json is that version 4.3.1 is not getting reflected after adding direct dependency in project.json as seen below,
我希望project.lock.json文件自动更新为4.3.1版本,但这并没有发生
Please let me know if I need to make any additional changes apart of adding direct dependency.
Project.json
project.lock.json
我应该能够修复这个构建问题,并且应该能够使用jenkins部署构建
"netcoreapp1.1": {
"dependencies": {
"Microsoft.NETCore.App": {
"type": "platform",
"version": "1.1.0"
},
"System.Net.Security": "4.3.1"
}
}
"System.Net.Security/4.3.1": {
"type": "package",
"dependencies": {
"Microsoft.NETCore.Platforms": "1.1.0",
"Microsoft.Win32.Primitives": "4.3.0",
"System.Collections": "4.3.0",
"System.Collections.Concurrent": "4.3.0",
"System.Diagnostics.Tracing": "4.3.0",
"System.Globalization": "4.3.0",
"System.Globalization.Extensions": "4.3.0",
"System.IO": "4.3.0",
"System.Net.Primitives": "4.3.0",
"System.Resources.ResourceManager": "4.3.0",
"System.Runtime": "4.3.0",
"System.Runtime.Extensions": "4.3.0",
"System.Runtime.Handles": "4.3.0",
"System.Runtime.InteropServices": "4.3.0",
"System.Security.Claims": "4.3.0",
"System.Security.Cryptography.Algorithms": "4.3.0",
"System.Security.Cryptography.Encoding": "4.3.0",
"System.Security.Cryptography.OpenSsl": "4.3.0",
"System.Security.Cryptography.Primitives": "4.3.0",
"System.Security.Cryptography.X509Certificates": "4.3.0",
"System.Security.Principal": "4.3.0",
"System.Text.Encoding": "4.3.0",
"System.Threading": "4.3.0",
"System.Threading.Tasks": "4.3.0",
"System.Threading.ThreadPool": "4.3.0",
"runtime.native.System": "4.3.0",
"runtime.native.System.Net.Security": "4.3.0",
"runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0"
},
"compile": {
"ref/netstandard1.3/System.Net.Security.dll": {}
},
"runtimeTargets": {
"runtimes/unix/lib/netstandard1.6/System.Net.Security.dll": {
"assetType": "runtime",
"rid": "unix"
},
"runtimes/win/lib/netstandard1.3/System.Net.Security.dll": {
"assetType": "runtime",
"rid": "win"
}
}
}