aeons opened a new issue, #236: URL: https://github.com/apache/pulsar-dotpulsar/issues/236
I know that `DotNetZip` is not a direct dependency, but you will need to add it if you have ZLib compressed messages.

`DotNetZip` is currently marked as abandoned and as having a high severity security vulnerability on nuget. See https://www.nuget.org/packages/dotnetzip/

I know that the specific vulnerability (directory traversal) is not applicable in this use case, but it does show up on various security scanners.

As I see it, it should not be that hard to add alternatives to `DotNetZip` and probe for them at runtime (like it does currently). Could `System.IO.Compression.ZlibStream` or [`SharpZipLib`](https://github.com/icsharpcode/SharpZipLib) be considered?

I don't mind putting up a PR if there is interest for this.
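The runtime probing suggested in the issue, sketched for the built-in zlib stream as an added example; this is not DotPulsar's code or the reporter's. The `ZlibProbe` class and the `maxSize` bound are hypothetical names, and the type is looked up as `System.IO.Compression.ZLibStream`, which exists from .NET 6 onward.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;

// Added example: resolve the BCL zlib stream by name at runtime, so the same
// binary still loads on targets where the type does not exist.
static class ZlibProbe
{
    // Null when the runtime lacks the type; a caller would then try the next provider.
    static readonly Type? BclZlib = Type.GetType(
        "System.IO.Compression.ZLibStream, System.IO.Compression", throwOnError: false);

    public static bool Available => BclZlib is not null;

    // Binds to the (Stream, CompressionMode, bool leaveOpen) constructor via reflection.
    static Stream Open(Stream inner, CompressionMode mode) =>
        (Stream)Activator.CreateInstance(BclZlib!, inner, mode, true)!;

    public static byte[] Compress(byte[] data)
    {
        using var output = new MemoryStream();
        using (var z = Open(output, CompressionMode.Compress))
            z.Write(data, 0, data.Length);   // disposing z flushes the zlib trailer
        return output.ToArray();
    }

    // maxSize (assumed parameter) bounds the output so a small compressed
    // message cannot expand without limit in memory.
    public static byte[] Decompress(byte[] data, int maxSize)
    {
        using var input = new MemoryStream(data);
        using var z = Open(input, CompressionMode.Decompress);
        using var output = new MemoryStream();
        var buffer = new byte[8192];
        int n;
        while ((n = z.Read(buffer, 0, buffer.Length)) > 0)
        {
            if (output.Length + n > maxSize)
                throw new InvalidDataException("decompressed size exceeds maxSize");
            output.Write(buffer, 0, n);
        }
        return output.ToArray();
    }
}
```

A caller checks `ZlibProbe.Available` first and moves on to the next candidate provider when it is false.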
