From 7bb514c0630a5f82772e78ef5abbeba3d6a4bb3b Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Tue, 1 Oct 2024 17:01:37 -0700 Subject: [PATCH 1/9] Mitigate vulnerabilities in System.Text.Json 8.0.0 packages. --- Directory.Packages.props | 44 ++++++++++--------- OpenTelemetry.sln | 4 +- build/Common.props | 1 + build/Common.targets | 8 ++++ examples/Directory.Build.targets | 5 +++ examples/Directory.Packages.props | 6 --- .../WorkerService/WorkerService.csproj | 2 - src/Directory.Build.targets | 11 +---- .../OpenTelemetry.Exporter.Console.csproj | 6 +-- .../OpenTelemetry.Exporter.Zipkin.csproj | 7 +-- test/Directory.Build.targets | 19 +++++--- test/Directory.Packages.props | 9 ---- .../OpenTelemetry.Api.Tests.csproj | 10 ++--- ...xporter.OpenTelemetryProtocol.Tests.csproj | 6 +-- ...xporter.Prometheus.AspNetCore.Tests.csproj | 8 ++-- ...orter.Prometheus.HttpListener.Tests.csproj | 7 +-- ...OpenTelemetry.Exporter.Zipkin.Tests.csproj | 7 +-- ...nTelemetry.Extensions.Hosting.Tests.csproj | 8 ++-- ...enTelemetry.Shims.OpenTracing.Tests.csproj | 4 +- .../OpenTelemetry.Tests.Stress.csproj | 4 +- .../OpenTelemetry.Tests.csproj | 12 +++-- 21 files changed, 82 insertions(+), 106 deletions(-) create mode 100644 build/Common.targets create mode 100644 examples/Directory.Build.targets delete mode 100644 examples/Directory.Packages.props delete mode 100644 test/Directory.Packages.props diff --git a/Directory.Packages.props b/Directory.Packages.props index fe1f04c7fbe..2da53cb6b48 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -2,6 +2,7 @@ true 1.9.0 + 9.0.0-rc.1.24431.7 - - - - - - - - + + + + + + + + @@ -52,23 +53,23 @@ 3) The .NET runtime team provides extra backward compatibility guarantee to System.Diagnostics.DiagnosticSource even during major version bumps, so compatibility is not a concern here. --> - + + - + + - - - - + + + - @@ -77,15 +78,17 @@ - - - - + + + + + + @@ -93,6 +96,7 @@ + diff --git a/OpenTelemetry.sln b/OpenTelemetry.sln index f9bde54e00a..cea58bc408a 100644 --- a/OpenTelemetry.sln +++ b/OpenTelemetry.sln @@ -28,6 +28,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{7CB2F02E build\Common.nonprod.props = build\Common.nonprod.props build\Common.prod.props = build\Common.prod.props build\Common.props = build\Common.props + build\Common.targets = build\Common.targets build\debug.snk = build\debug.snk Directory.Packages.props = Directory.Packages.props build\docfx.cmd = build\docfx.cmd @@ -112,7 +113,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{D2E73927-5 ProjectSection(SolutionItems) = preProject test\Directory.Build.props = test\Directory.Build.props test\Directory.Build.targets = test\Directory.Build.targets - test\Directory.Packages.props = test\Directory.Packages.props EndProjectSection EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Examples.Console", "examples\Console\Examples.Console.csproj", "{FF3E6E08-E8E4-4523-B526-847CD989279F}" @@ -129,7 +129,7 @@ EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "examples", "examples", "{2C7DD1DA-C229-4D9E-9AF0-BCD5CD3E4948}" ProjectSection(SolutionItems) = preProject examples\Directory.Build.props = examples\Directory.Build.props - examples\Directory.Packages.props = examples\Directory.Packages.props + examples\Directory.Build.targets = examples\Directory.Build.targets EndProjectSection EndProject Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "trace", "trace", "{5B7FB835-3FFF-4BC2-99C5-A5B5FAE3C818}" diff --git a/build/Common.props b/build/Common.props index 54ecbacfe9b..b625439458e 100644 --- a/build/Common.props +++ b/build/Common.props @@ -31,6 +31,7 @@ net9.0;net8.0;netstandard2.0;$(NetFrameworkMinimumSupportedVersion) net9.0;net8.0;netstandard2.1;netstandard2.0;$(NetFrameworkMinimumSupportedVersion) net9.0;net8.0 + net8.0;netstandard2.1;netstandard2.0;$(NetFrameworkMinimumSupportedVersion) net9.0;net8.0 diff --git a/build/Common.targets b/build/Common.targets new file mode 100644 index 00000000000..5ae9cbfcae8 --- /dev/null +++ b/build/Common.targets @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/examples/Directory.Build.targets b/examples/Directory.Build.targets new file mode 100644 index 00000000000..a0db1462028 --- /dev/null +++ b/examples/Directory.Build.targets @@ -0,0 +1,5 @@ + + + + + diff --git a/examples/Directory.Packages.props b/examples/Directory.Packages.props deleted file mode 100644 index 02296b44608..00000000000 --- a/examples/Directory.Packages.props +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - diff --git a/examples/MicroserviceExample/WorkerService/WorkerService.csproj b/examples/MicroserviceExample/WorkerService/WorkerService.csproj index f10cebc2d7e..b9b1a680772 100644 --- a/examples/MicroserviceExample/WorkerService/WorkerService.csproj +++ b/examples/MicroserviceExample/WorkerService/WorkerService.csproj @@ -6,8 +6,6 @@ - - diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets index 3ee054532a9..6cef70da6c1 100644 --- a/src/Directory.Build.targets +++ b/src/Directory.Build.targets @@ -1,5 +1,7 @@ + + - - - Console exporter for OpenTelemetry .NET $(PackageTags);Console;distributed-tracing core- + true $(NoWarn),1591 - - - - - diff --git a/src/OpenTelemetry.Exporter.Zipkin/OpenTelemetry.Exporter.Zipkin.csproj b/src/OpenTelemetry.Exporter.Zipkin/OpenTelemetry.Exporter.Zipkin.csproj index 3e269d83c26..78d44fd3ee5 100644 --- a/src/OpenTelemetry.Exporter.Zipkin/OpenTelemetry.Exporter.Zipkin.csproj +++ b/src/OpenTelemetry.Exporter.Zipkin/OpenTelemetry.Exporter.Zipkin.csproj @@ -1,9 +1,11 @@ + $(TargetFrameworksForLibraries) Zipkin exporter for OpenTelemetry .NET $(PackageTags);Zipkin;distributed-tracing core- + true @@ -27,11 +29,6 @@ - - - - - diff --git a/test/Directory.Build.targets b/test/Directory.Build.targets index 03d36ba8a59..1a84397fa7e 100644 --- a/test/Directory.Build.targets +++ b/test/Directory.Build.targets @@ -1,10 +1,15 @@ - - - + + + + + + + + + diff --git a/test/Directory.Packages.props b/test/Directory.Packages.props deleted file mode 100644 index 9e456e2826f..00000000000 --- a/test/Directory.Packages.props +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - diff --git a/test/OpenTelemetry.Api.Tests/OpenTelemetry.Api.Tests.csproj b/test/OpenTelemetry.Api.Tests/OpenTelemetry.Api.Tests.csproj index e6a6749107c..2e88e5a9587 100644 --- a/test/OpenTelemetry.Api.Tests/OpenTelemetry.Api.Tests.csproj +++ b/test/OpenTelemetry.Api.Tests/OpenTelemetry.Api.Tests.csproj @@ -1,8 +1,10 @@ + Unit test project for OpenTelemetry.Api $(TargetFrameworksForTests) $(NoWarn),CS0618 + true @@ -20,11 +22,7 @@ - - runtime; build; native; contentfiles; analyzers - - - - + + diff --git a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj index ed31a950360..6456de26027 100644 --- a/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj +++ b/test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj @@ -11,11 +11,7 @@ - - runtime; build; native; contentfiles; analyzers; buildtransitive - - - + diff --git a/test/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests.csproj b/test/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests.csproj index 7a91330ca56..6c4ea8cb626 100644 --- a/test/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests.csproj +++ b/test/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests.csproj @@ -1,4 +1,5 @@ + Unit test project for Prometheus Exporter AspNetCore for OpenTelemetry $(TargetFrameworksForAspNetCoreTests) @@ -9,11 +10,7 @@ - - runtime; build; native; contentfiles; analyzers - - - + @@ -39,4 +36,5 @@ + diff --git a/test/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests.csproj b/test/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests.csproj index efab035ead8..6d6c38ff489 100644 --- a/test/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests.csproj +++ b/test/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests.csproj @@ -1,4 +1,5 @@ + Unit test project for Prometheus Exporter HttpListener for OpenTelemetry $(TargetFrameworksForTests) @@ -8,11 +9,7 @@ - - runtime; build; native; contentfiles; analyzers - - - + diff --git a/test/OpenTelemetry.Exporter.Zipkin.Tests/OpenTelemetry.Exporter.Zipkin.Tests.csproj b/test/OpenTelemetry.Exporter.Zipkin.Tests/OpenTelemetry.Exporter.Zipkin.Tests.csproj index fceb493d55d..a5494a2f920 100644 --- a/test/OpenTelemetry.Exporter.Zipkin.Tests/OpenTelemetry.Exporter.Zipkin.Tests.csproj +++ b/test/OpenTelemetry.Exporter.Zipkin.Tests/OpenTelemetry.Exporter.Zipkin.Tests.csproj @@ -1,4 +1,5 @@ + Unit test project for Zipkin Exporter for OpenTelemetry $(TargetFrameworksForTests) @@ -17,11 +18,7 @@ - - runtime; build; native; contentfiles; analyzers - - - + diff --git a/test/OpenTelemetry.Extensions.Hosting.Tests/OpenTelemetry.Extensions.Hosting.Tests.csproj b/test/OpenTelemetry.Extensions.Hosting.Tests/OpenTelemetry.Extensions.Hosting.Tests.csproj index 73299e92b02..d089eaa7079 100644 --- a/test/OpenTelemetry.Extensions.Hosting.Tests/OpenTelemetry.Extensions.Hosting.Tests.csproj +++ b/test/OpenTelemetry.Extensions.Hosting.Tests/OpenTelemetry.Extensions.Hosting.Tests.csproj @@ -1,4 +1,5 @@ + Unit test project for OpenTelemetry .NET Core hosting library $(TargetFrameworksForTests) @@ -36,10 +37,7 @@ - - runtime; build; native; contentfiles; analyzers - - - + + diff --git a/test/OpenTelemetry.Shims.OpenTracing.Tests/OpenTelemetry.Shims.OpenTracing.Tests.csproj b/test/OpenTelemetry.Shims.OpenTracing.Tests/OpenTelemetry.Shims.OpenTracing.Tests.csproj index 143e90e7dc4..d21c157d1b9 100644 --- a/test/OpenTelemetry.Shims.OpenTracing.Tests/OpenTelemetry.Shims.OpenTracing.Tests.csproj +++ b/test/OpenTelemetry.Shims.OpenTracing.Tests/OpenTelemetry.Shims.OpenTracing.Tests.csproj @@ -1,4 +1,5 @@ + Unit test project for OpenTelemetry.Shims.OpenTracing $(TargetFrameworksForTests) @@ -10,8 +11,6 @@ - - @@ -25,4 +24,5 @@ + diff --git a/test/OpenTelemetry.Tests.Stress/OpenTelemetry.Tests.Stress.csproj b/test/OpenTelemetry.Tests.Stress/OpenTelemetry.Tests.Stress.csproj index 01af1c993ae..9e6464cf484 100644 --- a/test/OpenTelemetry.Tests.Stress/OpenTelemetry.Tests.Stress.csproj +++ b/test/OpenTelemetry.Tests.Stress/OpenTelemetry.Tests.Stress.csproj @@ -1,17 +1,19 @@ + Exe $(TargetFrameworksForTests) + true - + diff --git a/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj b/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj index 96304bf6c6c..fa524fecff8 100644 --- a/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj +++ b/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj @@ -1,9 +1,11 @@ + Unit test project for OpenTelemetry $(TargetFrameworksForTests) $(NoWarn),CS0618 - + true + disable @@ -27,11 +29,7 @@ - - runtime; build; native; contentfiles; analyzers - - - - + + From 4673369213b4621e1306d679efc83bd8a5df506b Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Tue, 1 Oct 2024 21:23:03 -0700 Subject: [PATCH 2/9] Revert unrelated change. --- src/Directory.Build.targets | 9 +++++++++ test/Directory.Build.targets | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets index 6cef70da6c1..3e05f2937f9 100644 --- a/src/Directory.Build.targets +++ b/src/Directory.Build.targets @@ -16,6 +16,15 @@ + + + + + + + + + + From 49fb38b4523cf86fcd7953a4f2dac7d15324873c Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Tue, 1 Oct 2024 21:28:20 -0700 Subject: [PATCH 3/9] Patch CHANGELOGs. --- src/OpenTelemetry.Exporter.Console/CHANGELOG.md | 9 ++++++++- src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md | 6 ++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md index 61b18117e7b..54bd34ab7c5 100644 --- a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md +++ b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md @@ -6,6 +6,12 @@ Notes](../../RELEASENOTES.md). ## Unreleased +* Added direct reference to `System.Text.Encodings.Web` and `System.Text.Json` + for the `net8.0` target with minimum version of `8.0.0` and `8.0.4` + (respectively) in response to + [CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w). + ([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874)) + ## 1.10.0-beta.1 Released 2024-Sep-30 @@ -114,7 +120,8 @@ Released 2023-May-25 ([#4507](https://github.com/open-telemetry/opentelemetry-dotnet/pull/4507)) * Added direct reference to `System.Text.Encodings.Web` with minimum version of -`4.7.2` in response to [CVE-2021-26701](https://github.com/dotnet/runtime/issues/49377). + `4.7.2` in response to + [CVE-2021-26701](https://github.com/dotnet/runtime/issues/49377). ([#4390](https://github.com/open-telemetry/opentelemetry-dotnet/pull/4390)) * Updated `LogRecord` console output: `Body` is now shown (if set), diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md index b2094347059..420504d7e5d 100644 --- a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md +++ b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md @@ -6,6 +6,12 @@ Notes](../../RELEASENOTES.md). ## Unreleased +* Added direct reference to `System.Text.Encodings.Web` and `System.Text.Json` + for the `net8.0` target with minimum version of `8.0.0` and `8.0.4` + (respectively) in response to + [CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w). + ([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874)) + ## 1.10.0-beta.1 Released 2024-Sep-30 From 421d62d597359f22d3f0453727a83f0843ee1cb1 Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Tue, 1 Oct 2024 21:28:26 -0700 Subject: [PATCH 4/9] Lint. --- test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj b/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj index fa524fecff8..9d40f304c56 100644 --- a/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj +++ b/test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj @@ -5,7 +5,7 @@ $(TargetFrameworksForTests) $(NoWarn),CS0618 true - + disable From 4bc37fbb6d4d8732afc7bca4c0832eaadf1fc882 Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Wed, 2 Oct 2024 16:08:46 -0700 Subject: [PATCH 5/9] Tweaks and code review. --- Directory.Packages.props | 32 ++++++++++--------- build/Common.targets | 1 - .../CHANGELOG.md | 5 ++- .../CHANGELOG.md | 5 ++- test/Directory.Build.targets | 2 +- 5 files changed, 22 insertions(+), 23 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index 2da53cb6b48..f3f1fd82fad 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -1,4 +1,5 @@ + true 1.9.0 @@ -11,12 +12,6 @@ vulnerability in the NuGet packages that are published from this repository. --> - - - - - - - - - - - - + + + + + - - - + + - + From 55ff6de69c7228b2b25bada917bd9cbfdc36a94c Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Thu, 3 Oct 2024 11:02:03 -0700 Subject: [PATCH 6/9] Revert some changes. --- Directory.Packages.props | 41 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index f3f1fd82fad..2ce73adaf4a 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -3,7 +3,6 @@ true 1.9.0 - 9.0.0-rc.1.24431.7 + + + + + + - - - - - - - - + + + + + + + + - + - + - - - - @@ -79,10 +78,10 @@ - - - - + + + + From 313edd8a4c1a9aaad90c8d09ea641dfde19e0af8 Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Fri, 4 Oct 2024 12:03:23 -0700 Subject: [PATCH 7/9] Tweaks. --- Directory.Packages.props | 18 ++++++++++++------ build/Common.targets | 5 +++++ .../CHANGELOG.md | 4 ++-- src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md | 4 ++-- test/Directory.Build.targets | 2 +- 5 files changed, 22 insertions(+), 11 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index 2ce73adaf4a..e02f77fccf1 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -3,6 +3,8 @@ true 1.9.0 + 8.0.0 + 8.0.4 + - + + - - + + + + diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md index 590903f5f4f..1295048f592 100644 --- a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md +++ b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md @@ -6,8 +6,8 @@ Notes](../../RELEASENOTES.md). ## Unreleased -* Added a direct reference to `System.Text.Json` for all targets < `net9.0` with - a minimum version of `8.0.4` in response to +* Added direct reference to `System.Text.Json` for the `net8.0` target with + minimum version of `8.0.4` (respectively) in response to [CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w). ([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874)) diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md index 11e2f7767e4..cc495a4129d 100644 --- a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md +++ b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md @@ -6,8 +6,8 @@ Notes](../../RELEASENOTES.md). ## Unreleased -* Added a direct reference to `System.Text.Json` for all targets < `net9.0` with - a minimum version of `8.0.4` in response to +* Added direct reference to `System.Text.Json` for the `net8.0` target with + minimum version of `8.0.4` (respectively) in response to [CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w). ([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874)) diff --git a/test/Directory.Build.targets b/test/Directory.Build.targets index 2010170f6e4..3dd9d999c4f 100644 --- a/test/Directory.Build.targets +++ b/test/Directory.Build.targets @@ -18,7 +18,7 @@ reference is needed to mitigate: https://github.com/advisories/GHSA-hh2w-p6rv-4g7w. Remove this if Coyote publishes a fixed version. --> - + From 49f2ca70bdf858555b124645e0c0f53df0494e74 Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Fri, 4 Oct 2024 12:05:55 -0700 Subject: [PATCH 8/9] CHANGELOG tweaks. --- src/OpenTelemetry.Exporter.Console/CHANGELOG.md | 2 +- src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md index 1295048f592..0a6734593e0 100644 --- a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md +++ b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md @@ -7,7 +7,7 @@ Notes](../../RELEASENOTES.md). ## Unreleased * Added direct reference to `System.Text.Json` for the `net8.0` target with - minimum version of `8.0.4` (respectively) in response to + minimum version of `8.0.4` in response to [CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w). ([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874)) diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md index cc495a4129d..bae3b61acbf 100644 --- a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md +++ b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md @@ -7,7 +7,7 @@ Notes](../../RELEASENOTES.md). ## Unreleased * Added direct reference to `System.Text.Json` for the `net8.0` target with - minimum version of `8.0.4` (respectively) in response to + minimum version of `8.0.4` in response to [CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w). ([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874)) From d69aad3759fdf8ada8ab17a3b3a8f550cc54a428 Mon Sep 17 00:00:00 2001 From: Mikel Blanchard Date: Fri, 4 Oct 2024 12:44:02 -0700 Subject: [PATCH 9/9] Review. --- Directory.Packages.props | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Directory.Packages.props b/Directory.Packages.props index e02f77fccf1..747cff1b7d1 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -59,9 +59,10 @@ -