3.4.0
Steeltoe 3.4 improves overall security and updates all vulnerable dependencies. As a result:
- .NET 6 is no longer targeted, because no compatible non-vulnerable version of OpenTelemetry exists.
- .NET 8 support was added for Integration/Messaging/Stream.
- Updated KubernetesClient library may result in behavior changes.
- The versions of System/Microsoft libraries for the NetStandard target were updated.
For the full details of runtime and package changes, see #1688.
What's Changed
- Bump 3x vulnerable dependencies; drop net60 by @bart-vmware in #1688
- Fix management port isolation bypass by @TimHess in 4cbc352
- Fix Eureka DataCenterInfo poisoning by @TimHess in b8ed855
- Enhance /env sanitizer by @TimHess in bef9f14
- Require FULL Permissions on /env, /threaddump, /heapdump by default by @TimHess in da6c604
- Fix Vault token leak on HTTP redirect by @TimHess in 610ebde
- Add expiration to JWT/OpenID keys caching by @TimHess and @bart-vmware in 17b27b8
Full Changelog: 3.3.0...4.3.0
Contributors
TimHess and bart-vmware