Release RC version with security fixes. #6183

Kielek · 2025-03-13T05:40:47Z

Package

OpenTelemetry*

Is your feature request related to a problem?

OpenTelemetry Log (Bridge) API is publicly available only within prereleased versions (beta/rc). The latest versions (1.11.0-rc.1) is now marked as vulnerable.

See

D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\src\OpenTelemetry.Appenders.EventSource\OpenTelemetry.Appenders.EventSource.csproj : error NU1902: Package 'OpenTelemetry.Api' 1.11.0-rc.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-8785-wc3w-h8q6 [TargetFramework=net8.0]
D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\src\OpenTelemetry.Appenders.EventSource\OpenTelemetry.Appenders.EventSource.csproj : error NU1902: Package 'OpenTelemetry.Api' 1.11.0-rc.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-[8](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/actions/runs/13807068548/job/38620036050#step:6:9)785-wc3w-h8q6 [TargetFramework=net462]
  OpenTelemetry.Appenders.EventSource -> D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\src\OpenTelemetry.Appenders.EventSource\bin\Release\net462\OpenTelemetry.Appenders.EventSource.dll
  OpenTelemetry.Appenders.EventSource -> D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\src\OpenTelemetry.Appenders.EventSource\bin\Release\net8.0\OpenTelemetry.Appenders.EventSource.dll
D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\test\OpenTelemetry.Appenders.EventSource.Tests\OpenTelemetry.Appenders.EventSource.Tests.csproj : error NU1902: Package 'OpenTelemetry.Api' 1.11.0-rc.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-8785-wc3w-h8q6 [TargetFramework=net462]
D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\test\OpenTelemetry.Appenders.EventSource.Tests\OpenTelemetry.Appenders.EventSource.Tests.csproj : error NU1[9](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/actions/runs/13807068548/job/38620036050#step:6:10)02: Package 'OpenTelemetry.Api' 1.11.0-rc.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-8785-wc3w-h8q6 [TargetFramework=net8.0]
  OpenTelemetry.Appenders.EventSource.Tests -> D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\test\OpenTelemetry.Appenders.EventSource.Tests\bin\Release\net8.0\OpenTelemetry.Appenders.EventSource.Tests.dll
  OpenTelemetry.Appenders.EventSource.Tests -> D:\a\opentelemetry-dotnet-contrib\opentelemetry-dotnet-contrib\test\OpenTelemetry.Appenders.EventSource.Tests\bin\Release\net462\OpenTelemetry.Appenders.EventSource.Tests.dll

What is the expected behavior?

No build issues without disabling NU1902

Which alternative solutions or features have you considered?

N/A

Additional context

We need to have secure version to move forward with open-telemetry/opentelemetry-dotnet-contrib#2649 and open-telemetry/opentelemetry-dotnet-contrib#2579.

The text was updated successfully, but these errors were encountered:

Kielek added enhancement New feature or request needs-triage New issues which have not been classified or triaged by a community member labels Mar 13, 2025

Kielek assigned rajkumar-rangaraj Mar 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release RC version with security fixes. #6183

Release RC version with security fixes. #6183

Kielek commented Mar 13, 2025 •

edited

Loading

Release RC version with security fixes. #6183

Release RC version with security fixes. #6183

Comments

Kielek commented Mar 13, 2025 • edited Loading

Package

Is your feature request related to a problem?

What is the expected behavior?

Which alternative solutions or features have you considered?

Additional context

Kielek commented Mar 13, 2025 •

edited

Loading