Security patch for CVE-2020-0602 & CVE-2020-0603 (#837)

* List security patches * Update .NET Core to v3.1.1
tomkerkhove · Jan 15, 2020 · c22db92 · c22db92
1 parent 834928e
commit c22db92
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 11 deletions.
diff --git a/build/azure-devops/agents-scraper-release-official.yml b/build/azure-devops/agents-scraper-release-official.yml
@@ -4,7 +4,7 @@ resources:
 trigger: none
 pr: none
 variables:
-  DotNet.SDK.Version: '3.1.100'
+  DotNet.SDK.Version: '3.1.101'
   Image.Name: 'tomkerkhove/promitor-agent-scraper'
   Image.TaggedName: '$(Image.Name):$(Image.Version)'
   Release.TagName: '$(Build.BuildNumber)'

diff --git a/build/azure-devops/agents-scraper-release-preview.yml b/build/azure-devops/agents-scraper-release-preview.yml
@@ -4,7 +4,7 @@ resources:
 trigger: none
 pr: none
 variables:
-  DotNet.SDK.Version: '3.1.100'
+  DotNet.SDK.Version: '3.1.101'
   Image.Name: 'tomkerkhove/promitor-agent-scraper'
   Image.TaggedName: '$(Image.Name):$(Image.Version)'
   Release.TagName: '$(Build.BuildNumber)'

diff --git a/build/azure-devops/scraper-ci.yml b/build/azure-devops/scraper-ci.yml
@@ -14,7 +14,7 @@ pr:
     - charts/promitor-agent-scraper/*
     - deploy/automation/docker-hub/ci/* # Add Docker Hub bot here to trigger it for testing sake
 variables:
-  DotNet.SDK.Version: '3.1.100'
+  DotNet.SDK.Version: '3.1.101'
   DotNet.Configuration: 'release'
   Image.Name: 'tomkerkhove/promitor-agent-scraper-ci'
   Image.TaggedName: '$(Image.Name):$(Build.BuildNumber)'

diff --git a/changelog/content/experimental/unreleased.md b/changelog/content/experimental/unreleased.md
@@ -0,0 +1,9 @@
+---
+title: "(2018-09-15)"
+date: 2018-09-02T20:46:47+02:00
+weight: 1
+version:
+---
+
+- {{% tag security %}} Patch for CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability ([notice](https://github.com/tomkerkhove/promitor/issues/835))
+- {{% tag security %}} Patch for CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability ([notice](https://github.com/tomkerkhove/promitor/issues/836))
diff --git a/src/Promitor.Core.Configuration/Promitor.Core.Configuration.csproj b/src/Promitor.Core.Configuration/Promitor.Core.Configuration.csproj
@@ -14,9 +14,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="3.1.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.0" />
-    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="3.1.1" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.1" />
+    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.1" />
     <PackageReference Include="Serilog" Version="2.9.0" />
   </ItemGroup>
 

diff --git a/src/Promitor.Core.Telemetry.Metrics/Promitor.Core.Telemetry.Metrics.csproj b/src/Promitor.Core.Telemetry.Metrics/Promitor.Core.Telemetry.Metrics.csproj
@@ -15,8 +15,8 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.ApplicationInsights" Version="2.12.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="3.1.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.1" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="3.1.1" />
     <PackageReference Include="Prometheus.Client" Version="3.1.0" />
   </ItemGroup>
 

diff --git a/src/Promitor.Integrations.AzureStorage/Promitor.Integrations.AzureStorage.csproj b/src/Promitor.Integrations.AzureStorage/Promitor.Integrations.AzureStorage.csproj
@@ -8,7 +8,7 @@
     <ItemGroup>
       <PackageReference Include="Guard.Net" Version="1.2.0" />
       <PackageReference Include="Microsoft.Azure.Storage.Queue" Version="11.1.1" />
-      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.0" />
+      <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.1" />
     </ItemGroup>
 
 </Project>
diff --git a/src/Promitor.Scraper.Host/Dockerfile b/src/Promitor.Scraper.Host/Dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/core/sdk:3.1.100-alpine AS build
+FROM mcr.microsoft.com/dotnet/core/sdk:3.1.101-alpine AS build
 WORKDIR /src
 COPY Promitor.Core/* Promitor.Core/
 COPY Promitor.Core.Configuration/* Promitor.Core.Configuration/
@@ -10,7 +10,7 @@ COPY Promitor.Integrations.AzureStorage/* Promitor.Integrations.AzureStorage/
 COPY Promitor.Scraper.Host/* Promitor.Scraper.Host/
 RUN dotnet publish Promitor.Scraper.Host/Promitor.Scraper.Host.csproj --configuration release --output app
 
-FROM mcr.microsoft.com/dotnet/core/aspnet:3.1.0-alpine as runtime
+FROM mcr.microsoft.com/dotnet/core/aspnet:3.1.1-alpine as runtime
 WORKDIR /app
 COPY --from=build /src/app .