Security Advisory Id GHSA-mr8r-92fq-pj8p
This advisory discloses a security vulnerability. Patches are available for components to update their dependencies so that they avoid references flagged by the GHSA-mr8r-92fq-pj8p security advisory: OpenTelemetry dotnet: Unbounded grpc-status-details-bin parsing in OTLP/gRPC retry handling.
Patch releases
| Component | Version | Where to get it |
|---|---|---|
| ServiceControl | 6.14.2 | The downloads page |
| Particular.ServiceControl.Management | 6.14.2 | Update-Module -Name Particular.ServiceControl.Management -RequiredVersion 6.14.2 |
| servicecontrol | 6.14.2 | Docker Hub or docker pull particular/ |
| servicecontrol-audit | 6.14.2 | Docker Hub or docker pull particular/ |
| servicecontrol-monitoring | 6.14.2 | Docker Hub or docker pull particular/ |
| servicecontrol-ravendb | 6.14.2 | Docker Hub or docker pull particular/ |
How to know if you are affected
You are affected if you are using previous versions of any of these components, but this doesn't necessarily mean you are vulnerable.
Symptoms
For NuGet packages, your projects have the setting NuGetAuditMode set to all and you see transitive dependency warnings at build time that mention Particular packages.
Other components of the platform will not have any symptoms.
When to upgrade
You should upgrade immediately if you are affected. Otherwise, you should upgrade during your next maintenance window.