Skip to content

Bump Swashbuckle.AspNetCore to 10.2.3 to resolve Microsoft.OpenApi vulnerability#280

Open
artnim wants to merge 1 commit into
PapstIO:mainfrom
artnim:fix-openapi-vulnerability
Open

Bump Swashbuckle.AspNetCore to 10.2.3 to resolve Microsoft.OpenApi vulnerability#280
artnim wants to merge 1 commit into
PapstIO:mainfrom
artnim:fix-openapi-vulnerability

Conversation

@artnim

@artnim artnim commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Restoring Papst.EventStore.slnx emits NU1903: the sample project SampleInMemoryAspNetApi.Api transitively pulls Microsoft.OpenApi 2.3.0 via Swashbuckle.AspNetCore 10.0.1, which is affected by GHSA-v5pm-xwqc-g5wc (high severity — circular schema references may terminate OpenAPI parsing).

This bumps Swashbuckle.AspNetCore to 10.2.3, which depends on the patched Microsoft.OpenApi 2.7.5.

  • Restore is clean (no NU1903) across all three solutions
  • All solutions build with 0 warnings / 0 errors
  • Only the sample project consumes Swashbuckle; no library packages affected

https://claude.ai/code/session_01J2j9sfE7zpM2mJq4dsz6m4

…lnerability

Swashbuckle.AspNetCore 10.0.1 pulled in Microsoft.OpenApi 2.3.0, which is
affected by GHSA-v5pm-xwqc-g5wc (high severity, NU1903 restore warning).
10.2.3 depends on Microsoft.OpenApi 2.7.5, which contains the fix.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant