From cf5e91446048f6927fd5dea95a16f3eb351135b1 Mon Sep 17 00:00:00 2001 From: Per Lundberg Date: Tue, 13 Aug 2024 12:09:56 +0300 Subject: [PATCH 1/2] MINOR: Update README.md This was unintentionally using code formatting, which I don't think was the original author's intent. --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 58fff4767..e88e4eca5 100644 --- a/README.md +++ b/README.md @@ -121,12 +121,12 @@ Logging description and configuration: 1. CVE-2019-0820 - This CVE has been reported in systems.text.regularexpressions.dll which is used by the regular expressions packages - systems.text.regularexpressions.4.3.1.nupkg. This vulnerability manifests itself ONLY when the following .NET runtime environments are being used: - * v1.0 branch: 1.0 - 1.0.16 (exclusive) - * v1.1 branch: 1.1 - 1.1.13 (exclusive) - * v2.1 branch: 2.1 - 2.1.11 (exclusive) - * v2.2 branch: 2.2 - 2.2.5 (exclusive) + * v1.0 branch: 1.0 - 1.0.16 (exclusive) + * v1.1 branch: 1.1 - 1.1.13 (exclusive) + * v2.1 branch: 2.1 - 2.1.11 (exclusive) + * v2.2 branch: 2.2 - 2.2.5 (exclusive) - In order to mitigate this vulnerability, we recommend to update to higher Runtime versions. If you're already running on a .NET Runtime version higher than the ones listed above, you're not going to be affected by this vulnerability. + In order to mitigate this vulnerability, we recommend to update to higher Runtime versions. If you're already running on a .NET Runtime version higher than the ones listed above, you're not going to be affected by this vulnerability. 2. Logging - Snowflake has identified an issue on Feb 20, 2020, with our logging code for the .NET drivers in which we write Master and Session tokens in the clear to the debug logs. The debug logs are collected locally on the drive where your programs are running. This issue impacts only those instances where the programs are run with debug flags enabled, i.e. setting the log level value= "Debug” or “All" in the log4Net config From 1358e15679c5a5657ba20521e4131833b5e305f7 Mon Sep 17 00:00:00 2001 From: Per Lundberg Date: Tue, 13 Aug 2024 12:11:23 +0300 Subject: [PATCH 2/2] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e88e4eca5..52bbe7a74 100644 --- a/README.md +++ b/README.md @@ -121,10 +121,10 @@ Logging description and configuration: 1. CVE-2019-0820 - This CVE has been reported in systems.text.regularexpressions.dll which is used by the regular expressions packages - systems.text.regularexpressions.4.3.1.nupkg. This vulnerability manifests itself ONLY when the following .NET runtime environments are being used: - * v1.0 branch: 1.0 - 1.0.16 (exclusive) - * v1.1 branch: 1.1 - 1.1.13 (exclusive) - * v2.1 branch: 2.1 - 2.1.11 (exclusive) - * v2.2 branch: 2.2 - 2.2.5 (exclusive) + * v1.0 branch: 1.0 - 1.0.16 (exclusive) + * v1.1 branch: 1.1 - 1.1.13 (exclusive) + * v2.1 branch: 2.1 - 2.1.11 (exclusive) + * v2.2 branch: 2.2 - 2.2.5 (exclusive) In order to mitigate this vulnerability, we recommend to update to higher Runtime versions. If you're already running on a .NET Runtime version higher than the ones listed above, you're not going to be affected by this vulnerability.