A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
AI OnAI Off
A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
Feb 16, 2021
Mar 08, 2021
Closed, Fixed and tested
The latest version of CMS UI requires at least version 4.1.1 of Microsoft.OWIN.Host.SystemWeb. However, EPiServer.Commerce.Security only supports version 3 of that dependency. So if you have Commerce installed, and try to update to the latest version of CMS you will get the following error:
The latest EPiServer.CMS (11.20.4) depends on Microsoft.OWIN.Host.SystemWeb >= 4.1.1; via EPiServer.CMS.UI.AspNetIdentity 11.32.1. However the latest EPiServer.Commerce.Security (13.29.0) depends on Microsoft.OWIN.Host.SystemWeb < 4.0.0
This fix updates the EPiServer.Commerce.Security's dependency to Microsoft.Owin.Host.SystemWeb to be [4,5).