Vulnerabilities are introduced in Aspose for .NET latest version (24.12)

We saw via SAST scans that Aspose for .NET (Aspose.Total) latest version 24.12 introduce SW vulnerabilities via System.Json, we are using Aspose for several products and we need to know when and how you are planing to address the SW vulnerabilities in System.Json?

@orenco

Can you please provide more details about the specific vulnerabilities you have identified in System.Json and how they are affecting your use of Aspose products?

@orenco,

Generally, Aspose (.NET) APIs are regularly scanned and tested for potential vulnerabilities from time to time. When any vulnerability is identified in an API, we address it immediately. Could you please provide more details about the vulnerabilities or security issues affecting which Aspose .NET APIs, along with specific examples/samples? We will investigate and resolve them promptly.

Please see the attached images:

image.png (56.3 KB)

image.png (61.3 KB)

@orenco,

Thanks for the screenshots.

It appears that there is a vulnerability in the System.Text.Json within the Aspose.PDF API. We have already created a ticket with the ID “PDFNET-58999” in our internal issue tracking system. I will also be transferring your query to the appropriate category, where a member of the Aspose.PDF team will assess the situation and provide you with the latest updates regarding the issue.

@orenco
System.Text.Json has been updated to version 8.0.5, this update will be in Aspose.Pdf version 25.2

@orenco
We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): PDFNET-58999

You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.

The issues you have found earlier (filed as PDFNET-58999) have been fixed in Aspose.PDF for .NET 25.2.