EPPlus version 7.4.1

JanKallman · JanKallman · commit b7f9fbdc1995 · 2024-10-11T10:54:06.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -26,5 +26,6 @@ Create an issue in our [issue tracker](https://github.com/EPPlusSoftware/EPPlus/
 ## Vulnerabilities
 |Detected|Resolved|Affected EPPlus versions|CVE|Our comment|Resolution|
 |--------|--------| ----------------------|---|----------|----------|
-|September 9, 2024||EPPlus 7.x, targeting .NET 7 or 8|[Microsoft Security Advisory CVE-2024-38095](https://github.com/advisories/GHSA-447r-wph3-92pm) and [Microsoft Security Advisory CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w)|Microsoft has released security fixes for System.Text.Json and System.Formats.Asn1 (transient dependencies in EPPlus). The potential risk for most users should be low.|Patch to be released in version 7.3.2|
+|October 10, 2024|October 11, 2024|EPPlus 7.x,targeting .NET 7 or 8|[Microsoft Security Advisory CVE-2024-38095](https://github.com/advisories/GHSA-447r-wph3-92pm) and [Microsoft Security Advisory CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w)|Microsoft has released a security fix in Microsoft.Extensions.Configuration.Json 8.0.1. The potential risk for most users should be low.|Patch  released in version 7.4.1|
+|September 9, 2024||EPPlus 7.x, targeting .NET 7 or 8|[Microsoft Security Advisory CVE-2024-38095](https://github.com/advisories/GHSA-447r-wph3-92pm) and [Microsoft Security Advisory CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w)|Microsoft has released security fixes for System.Text.Json and System.Formats.Asn1 (transient dependencies in EPPlus). The potential risk for most users should be low.|Patch  released in version 7.3.2|
 |June 15, 2023|June 15, 2023|EPPlus 6.x prior to 6.2.6, targeting .NET 6 or 7.|[.NET Denial of Service vulnerability (CVE 2023-29331)](https://github.com/advisories/GHSA-555c-2p6r-68mm)|Microsoft has released a security fix for a Denial of Service vulnerability (CVE-2023-29331) in System.Security.Cryptography.Pkcs for .NET 6 and .NET 7. EPPlus uses this component for x509 certificates used when signing VBA projects in a workbook. The potential risk for most users should be low, as the certificates used to sign your workbooks are usually known.|Upgrade to EPPlus 6.2.6 or higher|
diff --git a/appveyor7.yml b/appveyor7.yml
@@ -1,20 +1,20 @@
-version: 7.4.0.{build}
+version: 7.4.1.{build}
 branches:
   only:
   - develop7
 configuration: release
 image: Visual Studio 2022
 init:
 - ps: >-
-    Update-AppveyorBuild -Version "7.4.0.$env:appveyor_build_number-$(Get-Date -format yyyyMMdd)-$env:appveyor_repo_branch"
+    Update-AppveyorBuild -Version "7.4.1.$env:appveyor_build_number-$(Get-Date -format yyyyMMdd)-$env:appveyor_repo_branch"
 
-    Write-Host "7.4.0.$env:appveyor_build_number-$(Get-Date -format yyyyMMdd)-$env:appveyor_repo_branch"
+    Write-Host "7.4.1.$env:appveyor_build_number-$(Get-Date -format yyyyMMdd)-$env:appveyor_repo_branch"
 dotnet_csproj:
   patch: true
   file: '**\*.csproj'
   version: '{version}'
-  assembly_version: 7.4.0.{build}
-  file_version: 7.4.0.{build}
+  assembly_version: 7.4.1.{build}
+  file_version: 7.4.1.{build}
 nuget:
   project_feed: true
 before_build:
diff --git a/docs/articles/fixedissues.md b/docs/articles/fixedissues.md
@@ -1,4 +1,7 @@
 # Features / Fixed issues - EPPlus 7
+## Version 7.4.1
+* Updated for vulnerability in System.Text.Json 8.0.4 - Microsoft.Extensions.Configuration.Json 8.0.0 -> 8.0.1
+
 ## Version 7.4.0
 ### Features
 * Support for Conditional Formattings in Pivot tables via Pivot Areas.
diff --git a/src/EPPlus/EPPlus.csproj b/src/EPPlus/EPPlus.csproj
@@ -1,9 +1,9 @@
 ﻿<Project Sdk="Microsoft.NET.Sdk">
 	<PropertyGroup>
 		<TargetFrameworks>net8.0;net7.0;net6.0;netstandard2.1;netstandard2.0;net462;net35</TargetFrameworks>
-		<AssemblyVersion>7.4.0.0</AssemblyVersion>
-		<FileVersion>7.4.0.0</FileVersion>
-		<Version>7.4.0</Version>
+		<AssemblyVersion>7.4.1.0</AssemblyVersion>
+		<FileVersion>7.4.1.0</FileVersion>
+		<Version>7.4.1</Version>
 		<GeneratePackageOnBuild>true</GeneratePackageOnBuild>
 		<PackageProjectUrl>https://epplussoftware.com</PackageProjectUrl>
 		<Authors>EPPlus Software AB</Authors>
@@ -18,22 +18,25 @@
 		<PackageReadmeFile>readme.md</PackageReadmeFile>
 		<Copyright>EPPlus Software AB</Copyright>
 		<PackageReleaseNotes>
-			EPPlus 7.4.0
+			EPPlus 7.4.1
 
 			IMPORTANT NOTICE!
 			From version 5 EPPlus changes the license model using a dual license, Polyform Non Commercial / Commercial license.
 			EPPlus will still have the source available, but for non Polyform NC compliant projects, EPPlus will provide a commercial license.
 			Commercial licenses can be purchased from https://epplussoftware.com
 			This applies to EPPlus version 5 and later. Earlier versions are still licensed LGPL.
 
+			## Version 7.4.1
+			* Updated for vulnerability in System.Text.Json - Microsoft.Extensions.Configuration.Json 8.0.0 -> 8.0.1
+
 			## Version 7.4.0
 			* Conditional formatting in Pivot Tables.
 			* Support for linked pictures in drawings.
 			* Added 2 new functions
 			* Minor features and bug fixes. See https://epplussoftware.com/en/Developers/MinorFeaturesAndIssues
 
 			## Version 7.3.2
-			* Minor features and bug fixes. 
+			* Minor features and bug fixes.
 
 			## Version 7.3.1
 			* Minor features and bug fixes.
