We are leaving Russia. We are against aggression and war with Ukraine. It is a tragedy for our nations, it is a nightmare

This security patch fixes a regression appeared in the previous version 1.7.25 that makes Dashboard UI available for remote requests in the default configuration, e.g. when no authentication filter specified. Please note that when custom authentication filter is defined as recommended in the documentation, everything works as expected, but upgrade is recommended in any case. Please read the GHSA-7rq6-7gv8-c37h security advisory for details.

CVE ID
CVE-2021-41238
Affected Packages
Hangfire.Core = 1.7.25 (only)
Affected Platforms
All, including .NET Core, .NET Framework, Mono of any version

Hangfire.Core

  • Security – Fix “Dashboard UI accessible from outside by default since 1.7.25” regression.

Comments