Kentor.AuthServices 0.21.2 Security Release | Passion for Coding
<
div id=”primary” class=”col-md-8 “>
.
.
Kentor.AuthServices 0.21.2 has actually simply been launched to NuGet. It is a security release repairing 3 problems.
- XML External Entity Injection (affecting.NET 4.5 just)
- Harmful IdP can trigger compose to approximate file
- Flawed ReturnUrl recognition causes Open Redirect
The very first 2 problems were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I have actually feared the day when I would get a security problem I am incredibly delighted with the professionalism of the disclosure. I got the report independently, consisting of in-depth descriptions, recreation actions and strong suggestions on how to repair it. I am extremely grateful you put in the time to examine AuthServices and discover the problems and for the in-depth reports.
More information on the vulernabilities will be released later on.
. . . .Software Application Advancement is a Task– Coding is an Enthusiasm