Thanks! I was not aware of that.
@gterdem
Thanks for the clarification. I had not tested bringing up the list of permissions for a user, but I see now that it does not work when the internal gateway is down.
Alright. Thanks for looking into it anyways.
@albert
We tried using the preview version of the application template with abp suite v4.3.3 which attempts to download the app-pro-4.4.0-rc.2
template, but our firewall blocks it again claiming it found the same Apple Safari WebKit Selections Use-After-Free Vulnerability
, but this time the file it claims has the vulnerability is toastui-editor.js
as opposed to tui-editor-Editor-full.js
which was reported previously when downloading the app-pro-4.3.3
template.
So it seems the apparent false-positive is still there in v2.x
of Toast UI.
We confirmed a third option exists: explicitly adding Microsoft.EntityFrameworkCore.Relational
5.0.8 to the Shared.Hosting
project gets rid of the conflict.
Hi liangshiwei,
Was there a particular section of the documentation you linked to above that you would like me to focus on?
I believe I understand how the internal gateway is supposed to work, but it seems like the current version of the Microservice template does not actually use the internal gateway at all. In other words, the template seems to work fine even if the internal gateway is down.
Are you aware of this?
Hi maliming,
Unfortunately, installing the latest .NET SDK did not solve the problem; the same error occurs.
I did a little digging and it seems Volo.Abp.EntityFrameworkCore
>= 4.3.3 still depends on Microsoft.EntityFrameworkCore
5.0.7, but there are several package references in the Microservice template 4.3.3 that specify a wildcard in the patch version number (ie. 5.0.*) for Microsoft.EntityFrameworkCore that started resolving to 5.0.8 as of 2021-07-13. This seems to be what is breaking the build.
It seems the only options right now are (1) to replace all instances of 5.0.*
with 5.0.7
to match Volo.Abp.EntityFrameworkCore
, or (2) wait for a new version of Volo.Abp.EntityFrameworkCore
that depends on Microsoft.EntityFrameworkCore
5.0.8.
Is that an accurate assessment?
Hi Albert,
Judging by the responses to the issue you created, it looks like upgrading to tui.editor
v2.x
is the recommended way to resolve this issue.
Is this something that can be done?
They gave me this: https://nvd.nist.gov/vuln/detail/CVE-2010-1812