dotnet · CoreWCF.PrimitivesHeads-up
CoreWCF.Primitives: WS-Security 1.0 DigestMethod validation added
CoreWCF's WS-Security 1.0 receive pipeline now validates the DigestMethod of each ds:Reference against the configured SecurityAlgorithmSuite, preventing accepta
What changed
CoreWCF's WS-Security 1.0 receive pipeline now validates the DigestMethod of each ds:Reference against the configured SecurityAlgorithmSuite, preventing acceptance of messages with disallowed digest algorithms.
Who it affects
Users of CoreWCF.Primitives versions prior to v1.8.1 and v1.9.1 who rely on WS-Security 1.0.
What to do today
Update CoreWCF.Primitives to v1.8.1 or v1.9.1 to patch the vulnerability.
The trail
Collected→
Audited→
Written→
Published