System.Data.SqlClient needs a version bumb from 4.5.1 to 4.8.3

[mattiaskagstrom]

Microsoft.SqlServer.Types/src/Microsoft.SqlServer.Types/Microsoft.SqlServer.Types.csproj

Line 25 in 02646fb

<Version>4.5.1</Version>

[dotMorten]

Why ? Please include a bit more info or references

[mattiaskagstrom]

Sonatype OSS Index returns this for versions below 4.8.1

[CVE-2014-0257] Improper Input Validation
[CVE-2014-0253] Improper Input Validation
[CVE-2014-4072] Resource Management Errors
[CVE-2014-4149] Improper Input Validation
[CVE-2014-1806] Improper Control of Generation of Code ("Code Injection")
[CVE-2015-1673] Permissions, Privileges, and Access Controls
[CVE-2015-1648] Data Handling
[CVE-2014-4121] Resource Management Errors
[CVE-2015-1672] Cryptographic Issues
[CVE-2015-2504] Improper Restriction of Operations within the Bounds of a Memory Buffer
[CVE-2014-4073] Permissions, Privileges, and Access Controls
[CVE-2015-6096] Information Exposure
[CVE-2015-1671] Data Handling
[CVE-2015-1670] Information Exposure
[CVE-2015-2460] Improper Input Validation
[CVE-2015-6099] Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
[CVE-2015-2526] Code

[dotMorten]

Thanks. So 4.8.1 and not 4.8.3 is needed?

[mattiaskagstrom]

Yeah, 4.8.1 and above are all fine according to OSS