Kentor.AuthServices 0.21.2 has just been released to NuGet. It is a security release fixing three issues.
- XML External Entity Injection (affecting .NET 4.5 only)
- Malicious IdP can cause write to arbitrary file
- Flawed ReturnUrl validation leads to Open Redirect
The first two issues were reported by John Heasman, Morgan Roman and Joshua Estalilla from DocuSign. While I have dreaded the day when I would get a security issue, I am extremely happy with the professionalism of the disclosure.
More details on the vulnerabilities will be published later.