Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bugsnag now contains references to out of date and insecure dependencies -- is an update planned? #170

Open
daleholborow opened this issue Nov 22, 2024 · 5 comments
Open

Bugsnag now contains references to out of date and insecure dependencies -- is an update planned? #170

daleholborow opened this issue Nov 22, 2024 · 5 comments
Labels
scheduled Work is starting on this feature/bug

Comments

@daleholborow
Copy link

Latest version of BugSnag nuget is now very out of date last version is 2022? Is this under active development and support, or is Bugsnag ignoring the .NET ecosystem?

See attached image:

image
@johnml1135 johnml1135 mentioned this issue Nov 27, 2024
Closed
@mclack
Copy link

mclack commented Nov 29, 2024

Hi @daleholborow

Thanks for raising this.

We are still maintaining bugsnag-dotnet, and have scheduled some time in Q1 of 2025 to get to these fixes. We will make sure to post any updates regarding that work here; thank you for your patience in the meantime.

We also wanted to briefly explain why we haven't prioritised work on bugsnag-dotnet sooner. As you may be aware, we've been investing a lot of time into our new Performance Monitoring product in BugSnag, adding OpenTelemetry support for server platforms (including .NET). We recently also launched Distributed Tracing for tracking requests across your system, and our roadmap includes plenty of features to continue to enhance this functionality. We also have work planned to more closely tie our Error and Performance Monitoring products together to give you deeper insights into where in your application things are going wrong.

@mclack mclack added the backlog We hope to fix this feature/bug in the future label Nov 29, 2024
@pmachapman pmachapman mentioned this issue Dec 2, 2024
Merged
@daleholborow
Copy link
Author

I appreciate that the feature set is evolving, but I do question the decision to de-emphasise security fixes as a result. This makes me (and presumably others) particularly hesitant to recommend/incorporate Bugsnag in my client projects, now and in future, and I am a bit disappointed given that I have only recently made the recommendation that my clients adopt Bugsnag. I see @pmachapman's MR (which is much appreciated), is there anything preventing that from rolling out sooner?

@AlexanderVanMeerten
Copy link

Cannot add Bugsnag to our projects like this. Please resolve.

@yurykovshov
Copy link

Such minor security issues should be resolved as the highest priority. It is a low-hanging fruit.

@RobertoSmartBear RobertoSmartBear added needs discussion Requires internal analysis/discussion and removed backlog We hope to fix this feature/bug in the future labels Dec 24, 2024
@RobertoSmartBear
Copy link

Thank you for your patience and involvement. We consider security issues very seriously, which is why we’ve already scheduled work on the .NET BugSnag library update for the upcoming weeks. We will make the update available as soon as possible and keep you posted on the release.

@RobertoSmartBear RobertoSmartBear added scheduled Work is starting on this feature/bug and removed needs discussion Requires internal analysis/discussion labels Dec 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
scheduled Work is starting on this feature/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@yurykovshov @daleholborow @AlexanderVanMeerten @mclack @RobertoSmartBear