Hi, we are on K13 on .NET 6. We recently got an alert about a vulnerability as noted on this GitHub advisory - https://github.com/advisories/GHSA-8g9c-28fc-mcx2. The solution is simply to update Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt to 6.34.0 to receive the patch. This works fine on the MVC sites, but a breaking change within those packages causes an error in the CMS at runtime as seen in the image below.
It looks like there was an update that required the key to be >512 bits that the CMS is not reaching. Is there a plan to address this to resolve this vulnerability?
David, have you contacted support@kentico.com? This would be the best place to start with this.