You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As seen in BuildCommand.fs, the project cracker cache the command tool stores in .fsdocs/cache is serialized using the insecure and deprecatedBinaryFormatter class.
To close this potential security hole, the command tool should use a safe serializer for its cache, such as the data contract serializer. Such change would break the existing cache files but the impact from this change is minimal.
The text was updated successfully, but these errors were encountered:
As seen in
BuildCommand.fs
, the project cracker cache the command tool stores in.fsdocs/cache
is serialized using the insecure and deprecatedBinaryFormatter
class.To close this potential security hole, the command tool should use a safe serializer for its cache, such as the data contract serializer. Such change would break the existing cache files but the impact from this change is minimal.
The text was updated successfully, but these errors were encountered: