Fix potential security vulnerabilities. #1612
Comments
|
@AraHaan are we talking about obsolete methods in net6? We know there are couple of them inside the driver, but since netcoreapp3.1 is still supported we cannot take them out or replace them. some of the replacements are not supported in the mentioned TFM. |
|
In the PR I mentioned, I do currently special case .NET Core 3.1 (for now), however I do not know for sure if it uses an empty implementation for CAS and CER or if it uses the one from the .NET Framework in .NET Core 3.1. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
In my pr #1536 I have discovered that a few obsolete apis are used which in .NET Core is ignored which can result in some security vulnerabilities.
Of which include:
To reproduce
Currently the PR #1536 shows that to reproduce it, all you have to do is add
net5.0ornet6.0as shown in the PR to the SqlClient projects and then hit compile to get compile errors related to the deprecated apis and it saying not to use them as they can pose as an security issue.Expected behavior
For the obsoleted apis to not be used as per Microsoft's recommendations from the documentations to each compile error that is the result from each of their usage.
Further technical details
Microsoft.Data.SqlClient version: version from repo in #1536
.NET target: .NET 6 (6.0.5)
SQL Server version: SQL Server 2019
Operating system: Windows 11
Additional context
I have made temporary changes to these in #1536, however I would like to split them out of that PR so they do not get blocked until .NET 6 is added to the CI.
The text was updated successfully, but these errors were encountered: