New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MQTTnet.Extensions.WebSocket4Net uses several outdated and possibly vulnerable dependencies #1982
Comments
It seems that WebSocket4Net is no longer maintained. The latest release is from 2018. So, I am afraid there is not much we can do about it. The only reason for having this extension is that the web socket implementation in the .NET Framework does not support several encryption algorithms. For me the only option is to get rid of that extension completely. Or do you have another suggestion? |
I don't know what the Library WebSocket4Net does, I just found out about the vulnerability through our toolset. I don't really have a suggestion apart from using a different library or creating necessary code to implement the missing features. Is there an alternative way to use mqtt via websocket? |
There is no need for the extension at all. The .NET Framework has proper support for WebSockets. The API from MQTTnet is the same. You basically can remove the WebSocket4Net extension from the project. The only reason why it was created in the past is that it has support for some encryption algorithms wich the .NET Version does not. |
Describe the feature request
The Library should not use outdated or vulnerable dependencies.
Currently not maintained dependencies:
Which project is your feature request related to?
MQTTnet.Extensions.WebSocket4Net
Describe the solution you'd like
Outdated dependencies should be replaced by ones that are actively maintained.
Describe alternatives you've considered
None
Additional context
Dependency Graph of the Library:
The text was updated successfully, but these errors were encountered: