Update package SharpZipLib
Hi,
Does anyone know if it is safe to update the package SharpZipLib from 0.86 to the latest (1.3.3), or will I break things in Umbraco search / Lucene? I'm running Umbraco v8.16.
I can see that Lucene.net has a dependency on this package, but a recent security scan on our projects shows that there is a vulnerability in this version of the package.
Erik
Hi Erik
Did you successfully upgrade this package? I have the same issue - a security scan has thrown up a vulnerability in the old version of SharpZipLib and I'd like to upgrade it to 1.3.3 to remediate the vulnerability. I'd be interested to hear whether you went ahead without issues.
We're also running Umbraco 8.
Hi Tony,
We successfully upgraded this package and haven't seen any issues so far.
Thanks Erik. We took the plunge also in the end, since we had time pressure to remove the vulnerability. Like you, no issues so far.
Thanks for responding :)
Has anything been officially said about how to fix this package, as this is a security vulnerability in Umbraco CMS (which depends upon SharpZipLib)?