Team,
We are using aspose.cells version 23.6.0, our security team has marked SkiaSharp as high vulnerable package.
For me to deploy, i need an fix for this. Does aspose has any workaround for this ?
Team,
We are using aspose.cells version 23.6.0, our security team has marked SkiaSharp as high vulnerable package.
For me to deploy, i need an fix for this. Does aspose has any workaround for this ?
If you are using Windows platform, you may use System.Drawing.Common instead of SkiaSharp library as a dependency of graphics. See the document for your reference.
https://docs.aspose.com/cells/net/how-to-run-aspose-cells-for-net6/
I am using Web API(.net core - 6.0)
Also, what is your OS or target OS? We will also check the vulnerability for SkiaSharp and get back to you.
as of now, our target OS is windows.
@neemlal
We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.
Issue ID(s): CELLSNET-54299
You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.
So you mean to say no work around for this as of now?
What if i install
will it replace Skiasharp ?
@neemlal
We will investigate the issue of SkiaSharp vulnerabilities. If you use the Windows system and use System.Drawing.Common as the graphics library, you can choose not to use SkiaSharp. We use SkiaSharp install of System.Drawing.Common in non Windows systems.
Please refer to the following documents:
What is the vulnerability in SkiaSharp(which version) reported by your security team? Could you please share us some more details. e.g. some reference links about the vulnerability?
the vulnerability is marked to CVE-2023-4863
@neemlal
Thanks for further details. Let us investigate and analyze your issue in details. Hopefully we could figure it out soon. Once we have an update on it, we will let you know.
@neemlal
SkiaSharp has resolved the vulnerability of CVC-2023-4863. You can update the version to solve the issue. Please check the documentation.
just updating skiasharp version to 2.88.6 will help me out ?
The issues you have found earlier (filed as CELLSNET-54299) have been fixed in this update. This message was posted using Bugs notification tool by johnson.shi