From 05681a0ca7356142afdef266fcf69854665a3a4b Mon Sep 17 00:00:00 2001 From: Christian Kadluba <10721825+ckadluba@users.noreply.github.com> Date: Sat, 5 Jul 2025 00:00:04 +0200 Subject: [PATCH 1/4] Bumped minor version after release --- src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj b/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj index 8cccba2a..2e2db0fa 100644 --- a/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj +++ b/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj @@ -2,7 +2,7 @@ A Serilog sink that writes events to Microsoft SQL Server and Azure SQL - 8.2.1 + 8.2.2 true 8.0.0 Michiel van Oudheusden;Christian Kadluba;Serilog Contributors From faff00fa0844063283ccb5346b34af9f3ed075eb Mon Sep 17 00:00:00 2001 From: Christian Kadluba <10721825+ckadluba@users.noreply.github.com> Date: Fri, 11 Jul 2025 11:21:49 +0200 Subject: [PATCH 2/4] Fixed issue #624: Enforce new version of transient dependency to fix vulnerability and avoid nuget.org version de-listing until SqlClient 6.1 is released. --- CHANGES.md | 3 +++ Directory.Packages.props | 1 + src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj | 1 + 3 files changed, 5 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 828a0cce..855f0ecb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,6 @@ +# 8.2.2 +* Fixed issue #624: Enforce new version of transient dependency to fix vulnerability and avoid nuget.org version de-listing until SqlClient 6.1 is released. + # 8.2.1 * Updated SqlClient to 5.2.3 (thanks to @cancakar35) * Fixes in .editorconfig (thanks to @cancakar35) diff --git a/Directory.Packages.props b/Directory.Packages.props index ea880d78..9736d398 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -11,6 +11,7 @@ + 
diff --git a/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj b/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj index 2e2db0fa..4f1da52c 100644 --- a/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj +++ b/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj @@ -36,6 +36,7 @@ + From 9946beaf37a0f69898245a8bb6e437e43b9edd71 Mon Sep 17 00:00:00 2001 From: Christian Kadluba <10721825+ckadluba@users.noreply.github.com> Date: Fri, 11 Jul 2025 11:36:22 +0200 Subject: [PATCH 3/4] Create SECURITY.md --- SECURITY.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..667f8e8b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +## Supported Versions + +We currently do not maintain older major versions of the sink and backport security fixes. Fixes are usually created as a new release based on the latest existing release. + +## Reporting a Vulnerability + +If you find a security related problem in the library, please create an issue in the GitHub repository and give us as much details and context as you can. From d01a312340e3be117c65e30e21515cd9bae08813 Mon Sep 17 00:00:00 2001 From: Christian Kadluba <10721825+ckadluba@users.noreply.github.com> Date: Fri, 11 Jul 2025 20:02:20 +0200 Subject: [PATCH 4/4] Fixed issue #624 (2nd try) Enforce new version of transient dependency to fix vulnerability and avoid nuget.org version de-listing until SqlClient 6.1 is released. Now updated the vulnerable dependency (Microsoft.Identity.Client) to it's latest version 4.73.1 because even 4.72.1 is marked deprecated on nuget.org. This should hopefully satisfy the security scanners at nuget.org. --- Directory.Packages.props | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index 9736d398..f8506085 100644 --- a/Directory.Packages.props 
+++ b/Directory.Packages.props @@ -11,7 +11,7 @@ - +
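Review bot: The 8.2.2 entry added to CHANGES.md in PATCH 2/4 does not say which dependency is pinned or to which version, and it calls the dependency "transient" where "transitive" is meant. The commit message of PATCH 4/4 names Microsoft.Identity.Client 4.73.1; putting the package name and version into the changelog line would let consumers match the release against their own scanner findings.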
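Review bot: The "Reporting a Vulnerability" section of the new SECURITY.md in PATCH 3/4 asks reporters to "create an issue in the GitHub repository", which makes the details public before a fix is released. Consider pointing reporters to a private channel instead, for example GitHub's private vulnerability reporting or a maintainer contact address, and keeping public issues for problems that are already disclosed. In "Supported Versions", the sentence "We currently do not maintain older major versions of the sink and backport security fixes" can be read either way on backporting; "and do not backport security fixes" would remove the ambiguity, if that is the intent.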
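Review bot: The one-line change to Directory.Packages.props in PATCH 4/4, like the one-line additions in PATCH 2/4, leaves nothing beside the pin itself to say that it is temporary; "until SqlClient 6.1 is released" appears only in CHANGES.md and the commit messages. A short XML comment next to the pinned entry in Directory.Packages.props and next to the reference added to Serilog.Sinks.MSSqlServer.csproj, stating that both can be dropped once SqlClient 6.1 is adopted, would keep the override from outliving its purpose and holding the package at an old version.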