Skip to content

[Internal]AOT: Fixes Newtonsoft package latest version to avoid CVE Vulnerability#5407

Merged
ananth7592 merged 1 commit intomsdata/aotfrom
ananth/msdata-aot-newtonsoft
Sep 23, 2025
Merged

[Internal]AOT: Fixes Newtonsoft package latest version to avoid CVE Vulnerability#5407
ananth7592 merged 1 commit intomsdata/aotfrom
ananth/msdata-aot-newtonsoft

Conversation

@ananth7592
Copy link
Copy Markdown
Member

@ananth7592 ananth7592 commented Sep 15, 2025

Upgraded NewtonSoft library to the latest version 13.0.3 to avoid CVE vulnerabilities that come from the Newtonsoft transitive dependency coming from Microsoft.HybridRow package dependency

Type of change

Please delete options that are not relevant.

  • [] Bug fix (non-breaking change which fixes an issue)
  • [] New feature (non-breaking change which adds functionality)
  • [] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [] This change requires a documentation update

Closing issues

To automatically close an issue: closes #IssueNumber

@ananth7592 ananth7592 force-pushed the ananth/msdata-aot-newtonsoft branch from 1cde8af to 4bc240f Compare September 15, 2025 19:15
@ananth7592 ananth7592 force-pushed the ananth/msdata-aot-newtonsoft branch from 4bc240f to 9da5c51 Compare September 15, 2025 19:17
kundadebdatta
kundadebdatta reviewed Sep 19, 2025
View reviewed changes
Comment thread Microsoft.Azure.Cosmos/src/Microsoft.Azure.Cosmos.csproj
@ananth7592 ananth7592 merged commit a88db31 into msdata/aot Sep 23, 2025
2 checks passed
@ananth7592 ananth7592 deleted the ananth/msdata-aot-newtonsoft branch September 23, 2025 19:19
ananth7592 added a commit that referenced this pull request Sep 25, 2025
@ananth7592
Release 0.1.3-preview.1
3327734 
- Fixes Newtonsoft package latest version to avoid CVE Vulnerability #5407
@ananth7592 ananth7592 mentioned this pull request Sep 25, 2025
Merged
kirankumarkolli pushed a commit that referenced this pull request Sep 25, 2025
@ananth7592
[Internal] AOT: Adds 0.1.3-preview.1 release (#5425)
c4c5dbe 
- Fixes Newtonsoft package latest version to avoid CVE Vulnerability
#5407

# Pull Request Template

## Description

Please include a summary of the change and which issue is fixed. Include
samples if adding new API, and include relevant motivation and context.
List any dependencies that are required for this change.

## Type of change

Please delete options that are not relevant.

- [] Bug fix (non-breaking change which fixes an issue)
- [] New feature (non-breaking change which adds functionality)
- [] Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [] This change requires a documentation update

## Closing issues

To automatically close an issue: closes #IssueNumber
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kundadebdatta kundadebdatta kundadebdatta left review comments

@kirankumarkolli kirankumarkolli kirankumarkolli approved these changes

@adityasa adityasa Awaiting requested review from adityasa adityasa is a code owner

@neildsh neildsh Awaiting requested review from neildsh neildsh is a code owner

@sboshra sboshra Awaiting requested review from sboshra sboshra is a code owner

@FabianMeiswinkel FabianMeiswinkel Awaiting requested review from FabianMeiswinkel FabianMeiswinkel is a code owner

@Pilchie Pilchie Awaiting requested review from Pilchie Pilchie is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ananth7592 @kirankumarkolli @kundadebdatta