Merge pull request #630 from serilog-mssql/dev

ckadluba · web-flow · commit e91ce9ac85b3 · 2025-07-11T20:45:43.000+02:00
Release 8.2.2 * Fixed issue Security issue in dependency Microsoft.Identity.Client #624: Enforce new version of transient dependency to fix vulnerability and avoid nuget.org version de-listing until SqlClient 6.1 is released.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,6 @@
+# 8.2.2
+* Fixed issue #624: Enforce new version of transient dependency to fix vulnerability and avoid nuget.org version de-listing until SqlClient 6.1 is released.
+
 # 8.2.1
 * Updated SqlClient to 5.2.3 (thanks to @cancakar35)
 * Fixes in .editorconfig (thanks to @cancakar35)
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -11,6 +11,7 @@
     <PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="8.0.1" />
     <PackageVersion Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
+    <PackageVersion Include="Microsoft.Identity.Client" Version="4.73.1" />
     <PackageVersion Include="coverlet.collector" Version="3.2.0" />
     <PackageVersion Include="FluentAssertions" Version="6.12.1" />
     <PackageVersion Include="Dapper.StrongName" Version="2.1.35" />
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+We currently do not maintain older major versions of the sink and backport security fixes. Fixes are usually created as a new release based on the latest existing release.
+
+## Reporting a Vulnerability
+
+If you find a security related problem in the library, please create an issue in the GitHub repository and give us as much details and context as you can.
diff --git a/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj b/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>A Serilog sink that writes events to Microsoft SQL Server and Azure SQL</Description>
-    <VersionPrefix>8.2.1</VersionPrefix>
+    <VersionPrefix>8.2.2</VersionPrefix>
     <EnablePackageValidation>true</EnablePackageValidation>
     <PackageValidationBaselineVersion>8.0.0</PackageValidationBaselineVersion>
     <Authors>Michiel van Oudheusden;Christian Kadluba;Serilog Contributors</Authors>
@@ -36,6 +36,7 @@
     <PackageReference Include="Microsoft.Data.SqlClient" />
     <PackageReference Include="Microsoft.Extensions.Configuration" />
     <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" />
+    <PackageReference Include="Microsoft.Identity.Client" />
     <PackageReference Include="Serilog" />
   </ItemGroup>
 
