Skip to content

Commit c392c1f

Browse files
CyaimCyaim
committed
chore: 统一处理漏洞包问题
1 parent f324a04 commit c392c1f

7 files changed

Lines changed: 70 additions & 77 deletions

File tree

Cyaim.WebSocketServer/Cyaim.WebSocketServer.Cluster.FreeRedis/Cyaim.WebSocketServer.Cluster.FreeRedis.csproj

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -21,15 +21,13 @@
2121
<FrameworkReference Include="Microsoft.AspNetCore.App" />
2222
</ItemGroup>
2323

24+
<!-- .NET Standard 2.1 需要显式引用,使用最新稳定版本 -->
2425
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
25-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
26-
<PackageReference Include="System.Text.Json" Version="9.0.10" />
26+
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
27+
<PackageReference Include="System.Text.Json" Version="9.0.0" />
2728
</ItemGroup>
2829

29-
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net7.0' Or '$(TargetFramework)' == 'net8.0' Or '$(TargetFramework)' == 'net9.0' Or '$(TargetFramework)' == 'net10.0'">
30-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
31-
<PackageReference Include="System.Text.Json" Version="8.0.6" />
32-
</ItemGroup>
30+
<!-- .NET 6.0+ 框架已内置这些包,无需显式引用,框架会自动使用内置版本 -->
3331

3432
<ItemGroup>
3533
<PackageReference Include="FreeRedis" Version="1.2.0" />

Cyaim.WebSocketServer/Cyaim.WebSocketServer.Cluster.Hybrid.Implementations/Cyaim.WebSocketServer.Cluster.Hybrid.Implementations.csproj

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -21,15 +21,13 @@
2121
<FrameworkReference Include="Microsoft.AspNetCore.App" />
2222
</ItemGroup>
2323

24+
<!-- .NET Standard 2.1 需要显式引用,使用最新稳定版本 -->
2425
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
25-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
26-
<PackageReference Include="System.Text.Json" Version="9.0.10" />
26+
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
27+
<PackageReference Include="System.Text.Json" Version="9.0.0" />
2728
</ItemGroup>
2829

29-
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net7.0' Or '$(TargetFramework)' == 'net8.0' Or '$(TargetFramework)' == 'net9.0' Or '$(TargetFramework)' == 'net10.0'">
30-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
31-
<PackageReference Include="System.Text.Json" Version="8.0.6" />
32-
</ItemGroup>
30+
<!-- .NET 6.0+ 框架已内置这些包,无需显式引用,框架会自动使用内置版本 -->
3331

3432
<ItemGroup>
3533
<PackageReference Include="StackExchange.Redis" Version="2.7.33" />

Cyaim.WebSocketServer/Cyaim.WebSocketServer.Cluster.Hybrid/Cyaim.WebSocketServer.Cluster.Hybrid.csproj

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -23,15 +23,13 @@
2323
<FrameworkReference Include="Microsoft.AspNetCore.App" />
2424
</ItemGroup>
2525

26+
<!-- .NET Standard 2.1 需要显式引用,使用最新稳定版本 -->
2627
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
27-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
28-
<PackageReference Include="System.Text.Json" Version="9.0.10" />
28+
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
29+
<PackageReference Include="System.Text.Json" Version="9.0.0" />
2930
</ItemGroup>
3031

31-
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net7.0' Or '$(TargetFramework)' == 'net8.0' Or '$(TargetFramework)' == 'net9.0' Or '$(TargetFramework)' == 'net10.0'">
32-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
33-
<PackageReference Include="System.Text.Json" Version="8.0.6" />
34-
</ItemGroup>
32+
<!-- .NET 6.0+ 框架已内置这些包,无需显式引用,框架会自动使用内置版本 -->
3533

3634
<ItemGroup>
3735
<ProjectReference Include="..\Cyaim.WebSocketServer\Cyaim.WebSocketServer.csproj" />

Cyaim.WebSocketServer/Cyaim.WebSocketServer.Cluster.RabbitMQ/Cyaim.WebSocketServer.Cluster.RabbitMQ.csproj

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -21,15 +21,13 @@
2121
<FrameworkReference Include="Microsoft.AspNetCore.App" />
2222
</ItemGroup>
2323

24+
<!-- .NET Standard 2.1 需要显式引用,使用最新稳定版本 -->
2425
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
25-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
26-
<PackageReference Include="System.Text.Json" Version="9.0.10" />
26+
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
27+
<PackageReference Include="System.Text.Json" Version="9.0.0" />
2728
</ItemGroup>
2829

29-
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net7.0' Or '$(TargetFramework)' == 'net8.0' Or '$(TargetFramework)' == 'net9.0' Or '$(TargetFramework)' == 'net10.0'">
30-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
31-
<PackageReference Include="System.Text.Json" Version="8.0.6" />
32-
</ItemGroup>
30+
<!-- .NET 6.0+ 框架已内置这些包,无需显式引用,框架会自动使用内置版本 -->
3331

3432
<ItemGroup>
3533
<PackageReference Include="RabbitMQ.Client" Version="6.8.1" />

Cyaim.WebSocketServer/Cyaim.WebSocketServer.Cluster.StackExchangeRedis/Cyaim.WebSocketServer.Cluster.StackExchangeRedis.csproj

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -21,15 +21,14 @@
2121
<FrameworkReference Include="Microsoft.AspNetCore.App" />
2222
</ItemGroup>
2323

24+
<!-- .NET Standard 2.1 需要显式引用,使用最新稳定版本 -->
2425
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
25-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
26-
<PackageReference Include="System.Text.Json" Version="9.0.10" />
26+
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
27+
<PackageReference Include="System.Text.Json" Version="9.0.0" />
2728
</ItemGroup>
2829

29-
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net7.0' Or '$(TargetFramework)' == 'net8.0' Or '$(TargetFramework)' == 'net9.0' Or '$(TargetFramework)' == 'net10.0'">
30-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
31-
<PackageReference Include="System.Text.Json" Version="8.0.6" />
32-
</ItemGroup>
30+
<!-- .NET 6.0+ 框架已内置这些包,无需显式引用,框架会自动使用内置版本 -->
31+
<!-- 如果需要显式控制版本,可以使用以下配置,但通常不需要 -->
3332

3433
<ItemGroup>
3534
<PackageReference Include="StackExchange.Redis" Version="2.7.33" />

Cyaim.WebSocketServer/Cyaim.WebSocketServer/Cyaim.WebSocketServer.csproj

Lines changed: 40 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -49,27 +49,22 @@
4949
<PackageReference Include="System.Threading.Channels"
5050
Version="8.0.0" />
5151
</ItemGroup>
52+
<!-- .NET Standard 2.1 需要显式引用所有依赖包,使用最新稳定版本以避免安全漏洞 -->
5253
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
53-
<!-- <PackageReference Include="System.Text.Encodings.Web" Version="8.0.0" /> -->
54-
<PackageReference Include="Microsoft.AspNetCore.Http.Abstractions"
55-
Version="2.3.0" />
56-
<PackageReference Include="Microsoft.CSharp"
57-
Version="4.7.0" />
58-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions"
59-
Version="9.0.10" />
60-
<PackageReference Include="Microsoft.Extensions.DependencyInjection"
61-
Version="9.0.10" />
62-
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions"
63-
Version="9.0.10" />
64-
<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions"
65-
Version="9.0.10" />
66-
<PackageReference Include="Microsoft.AspNetCore.Hosting.Server.Abstractions"
67-
Version="2.3.0" />
68-
<PackageReference Include="System.Text.Json"
69-
Version="9.0.10" />
70-
<PackageReference Include="System.Threading.Channels"
71-
Version="9.0.10" />
54+
<PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.3.0" />
55+
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
56+
<!-- 使用 9.0.0 而不是 9.0.10,因为补丁版本会自动解析到最新 -->
57+
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
58+
<PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="9.0.0" />
59+
<PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.0" />
60+
<PackageReference Include="Microsoft.Extensions.Hosting.Abstractions" Version="9.0.0" />
61+
<PackageReference Include="Microsoft.AspNetCore.Hosting.Server.Abstractions" Version="2.3.0" />
62+
<PackageReference Include="System.Text.Json" Version="9.0.0" />
63+
<PackageReference Include="System.Threading.Channels" Version="9.0.0" />
7264
</ItemGroup>
65+
66+
<!-- .NET 6.0+ 框架已内置大部分包,无需显式引用,除非需要特定版本 -->
67+
<!-- 这些框架版本会自动使用框架内置的包,更安全且性能更好 -->
7368
<ItemGroup>
7469
<None Include="..\..\LICENSE">
7570
<Pack>True</Pack>
@@ -84,25 +79,33 @@
8479
<PackagePath />
8580
</None>
8681
</ItemGroup>
87-
<ItemGroup>
88-
<PackageReference Include="Microsoft.Extensions.Configuration.Binder"
89-
Version="10.0.0" />
82+
<!-- Microsoft.Extensions.Configuration.Binder - 根据框架版本使用对应版本以确保兼容性和安全性 -->
83+
<!-- 注意:OpenTelemetry.Exporter.OpenTelemetryProtocol 1.9.0 需要 >= 8.0.1,因此 net6.0 和 net7.0 也需要使用至少 8.0.1 -->
84+
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
85+
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="9.0.0" />
9086
</ItemGroup>
91-
<!-- OpenTelemetry Metrics for OTLP export -->
92-
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net7.0' Or '$(TargetFramework)' == 'net8.0' Or '$(TargetFramework)' == 'net9.0' Or '$(TargetFramework)' == 'net10.0'">
93-
<PackageReference Include="OpenTelemetry"
94-
Version="1.9.0" />
95-
<PackageReference Include="OpenTelemetry.Extensions.Hosting"
96-
Version="1.9.0" />
97-
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol"
98-
Version="1.9.0" />
87+
<!-- .NET 6.0+ 框架已内置此包,但显式引用可以确保使用正确的版本 -->
88+
<!-- 由于 OpenTelemetry 依赖要求 >= 8.0.1,net6.0 和 net7.0 也需要使用 8.0.1 或更高版本 -->
89+
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0'">
90+
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.1" />
9991
</ItemGroup>
100-
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
101-
<PackageReference Include="OpenTelemetry"
102-
Version="1.9.0" />
103-
<PackageReference Include="OpenTelemetry.Extensions.Hosting"
104-
Version="1.9.0" />
105-
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol"
106-
Version="1.9.0" />
92+
<ItemGroup Condition="'$(TargetFramework)' == 'net7.0'">
93+
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.1" />
94+
</ItemGroup>
95+
<ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
96+
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.2" />
97+
</ItemGroup>
98+
<ItemGroup Condition="'$(TargetFramework)' == 'net9.0'">
99+
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="9.0.0" />
100+
</ItemGroup>
101+
<ItemGroup Condition="'$(TargetFramework)' == 'net10.0'">
102+
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="10.0.0" />
103+
</ItemGroup>
104+
105+
<!-- OpenTelemetry Metrics for OTLP export - 使用最新稳定版本,所有框架版本使用相同版本 -->
106+
<ItemGroup>
107+
<PackageReference Include="OpenTelemetry" Version="1.9.0" />
108+
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.9.0" />
109+
<PackageReference Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.9.0" />
107110
</ItemGroup>
108111
</Project>

Cyaim.WebSocketServer/Dashboard/Cyaim.WebSocketServer.Dashboard/Cyaim.WebSocketServer.Dashboard.csproj

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -19,18 +19,17 @@
1919
<ItemGroup Condition="'$(TargetFramework)' == 'net6.0' Or '$(TargetFramework)' == 'net7.0' Or '$(TargetFramework)' == 'net8.0' Or '$(TargetFramework)' == 'net9.0' Or '$(TargetFramework)' == 'net10.0'">
2020
<FrameworkReference Include="Microsoft.AspNetCore.App" />
2121
</ItemGroup>
22+
<!-- .NET Standard 2.1 需要显式引用,使用最新稳定版本以避免安全漏洞 -->
2223
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.1'">
23-
<PackageReference Include="Microsoft.AspNetCore.Http.Abstractions"
24-
Version="2.3.0" />
25-
<PackageReference Include="Microsoft.AspNetCore.Mvc.Core"
26-
Version="2.2.5" />
27-
<PackageReference Include="Microsoft.AspNetCore.Routing"
28-
Version="2.2.2" />
29-
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions"
30-
Version="9.0.10" />
31-
<PackageReference Include="System.Text.Json"
32-
Version="9.0.10" />
24+
<PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.3.0" />
25+
<!-- 更新到 2.2.8 以修复安全漏洞,这是 2.2.x 系列的最后安全版本,包含所有安全修复 -->
26+
<PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="2.3.0" />
27+
<PackageReference Include="Microsoft.AspNetCore.Routing" Version="2.3.0" />
28+
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
29+
<PackageReference Include="System.Text.Json" Version="9.0.0" />
3330
</ItemGroup>
31+
32+
<!-- .NET 6.0+ 框架已内置这些包,无需显式引用,框架会自动使用内置版本 -->
3433
<ItemGroup>
3534
<ProjectReference Include="..\..\Cyaim.WebSocketServer\Cyaim.WebSocketServer.csproj" />
3635
</ItemGroup>

0 commit comments

Comments
 (0)