Title here
Summary here
New release v28.0
December 2, 20241 minute
New release v28.0.20241202.37 is available for download.
Important
This release contains a security update to address the vulnerability CVE-2024-43485 in System.Text.Json 6.0.x.
Overview
Link to this releasae:
Click here.
Changelog in this version:
Click here.
To update from a previous version of EntraCP:
Follow this article.
To upgrade from AzureCP:
See this article.
About the security update
EntraCP has
2 dependencies:
Microsoft.Graph and
Azure.Identity.
The
vulnerability was disclosed on October 8, 2024, and affects System.Text.Json 6.0.x, which was referenced by Azure.Identity.
EntraCP v28 uses the latest version of both packages, which depend on System.Text.Json 8.0.5, that fixes the vulnerability.