New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure Extensive use of BinaryFormatter #17

Open

Jab0rnal opened this issue Jun 29, 2022 · 1 comment

Jab0rnal commented Jun 29, 2022

When attempting to implement this library, I have been getting the following error message:

Exception thrown: 'System.NotSupportedException' in System.Runtime.Serialization.Formatters.dll
BinaryFormatter serialization and deserialization are disabled within this application.

The implementation here is using an unsecure method of binary serialization for serializing event bodies, as described here:

https://docs.microsoft.com/en-gb/dotnet/standard/serialization/binaryformatter-security-guide

A list of "preferred alternatives" are described in the document.

The text was updated successfully, but these errors were encountered:

Jab0rnal changed the title ~~Extensive use of BinaryFormatter~~ Insecure Extensive use of BinaryFormatter

Contributor

kubemq commented Dec 20, 2022

Please check with the latest version v1.6.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment