Skip to content

v2.1.10

Compare
Choose a tag to compare
@potatoqualitee potatoqualitee released this 09 Mar 11:05
· 153 commits to development since this release

THIS RELEASE ADDRESSES TWO CVE'S

This update addresses two CVE's, one in Microsoft.Data.SqlClient and one in Azure.Identity. Thanks to @garyhampson for the update on dbatools.library dataplat/dbatools.library#7

See this announcement from Microsoft for more details.

Essentially:

If you are using Microsoft.Data.SqlClient, anywhere (.NET Core, .NET 6/7/8, .NET Framework) and you are using a version that is vulnerable you must update your NuGet package reference to an updated version: 2.1.7, 3.1.5, 4.0.5, or 5.1.3

An updated version of Microsoft.Data.SqlClient, version 5.1.4, was also released that upgrades the Azure.Identity dependency version to 1.10.3 , which addresses CVE-2023-36414 in that library. (release notes) (download)

What's Changed

New Contributors

Full Changelog: v2.1.9...v2.1.10