From 44119e397585c1c63835b700ba70d0fca9209433 Mon Sep 17 00:00:00 2001 From: Muzaffer AKYIL Date: Sat, 16 Mar 2024 22:15:29 +0300 Subject: [PATCH 1/2] vulnerable fix & remove unused hangfire package CVE-2024-21319 : https://github.com/advisories/GHSA-59j7-ghrg-fj52 --- Core/Core.csproj | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Core/Core.csproj b/Core/Core.csproj index 7462dc96..90affeea 100644 --- a/Core/Core.csproj +++ b/Core/Core.csproj @@ -13,7 +13,6 @@ - @@ -31,7 +30,7 @@ - + @@ -48,6 +47,6 @@ - + From a56f94865003d33f7e0d7dd2e6bb10d1f031149e Mon Sep 17 00:00:00 2001 From: Muzaffer AKYIL Date: Sat, 16 Mar 2024 22:38:18 +0300 Subject: [PATCH 2/2] securitykey changed to requirement sha256 size --- Tests/Helpers/Token/MockJwtTokens.cs | 4 ++-- WebAPI/appsettings.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Tests/Helpers/Token/MockJwtTokens.cs b/Tests/Helpers/Token/MockJwtTokens.cs index 9eb64da1..9c12a94d 100644 --- a/Tests/Helpers/Token/MockJwtTokens.cs +++ b/Tests/Helpers/Token/MockJwtTokens.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Collections.Generic; using System.IdentityModel.Tokens.Jwt; using System.Security.Claims; @@ -10,7 +10,7 @@ namespace Tests.Helpers.Token public static class MockJwtTokens { private static readonly JwtSecurityTokenHandler s_tokenHandler = new (); - private static string s_keyString = "!z2x3C4v5B*_*!z2x3C4v5B*_*"; + private static string s_keyString = "!z2x3C4v5B*_*!z2x3C4v5B*_*!z2x3C4v5B*_*"; static MockJwtTokens() { diff --git a/WebAPI/appsettings.json b/WebAPI/appsettings.json index 0f692ff7..32d546fb 100644 --- a/WebAPI/appsettings.json +++ b/WebAPI/appsettings.json @@ -3,7 +3,7 @@ "Audience": "www.devarchitecture.com", "Issuer": "www.devarchitecture.com", "AccessTokenExpiration": 10, - "SecurityKey": "!z2x3C4v5B*_*!z2x3C4v5B*_*" + "SecurityKey": "!z2x3C4v5B*_*!z2x3C4v5B*_*!z2x3C4v5B*_*" }, "EmailConfiguration": { "SmtpServer": "smtp.live.com",
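Review bot: The new `s_keyString` literal in the second hunk of `Tests/Helpers/Token/MockJwtTokens.cs` is the same string this patch writes to `WebAPI/appsettings.json` as `SecurityKey`. A token minted by this test helper would therefore also verify against any deployment still running with the committed default key. Giving the test project its own value keeps the two trust domains apart. If nothing reassigns the field, it can also be made immutable, e.g. `private static readonly string s_keyString = "<test-only key, 32+ bytes>";` (placeholder, not a real value). The class body and the static constructor continue outside the hunk, so how the key is consumed is not visible here.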
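Review bot: `SecurityKey` in the `WebAPI/appsettings.json` hunk is still a literal committed to source control, and the new value only repeats the old 13-character pattern a third time. That reaches the 256-bit length the commit subject refers to, but it adds no secrecy, because anyone who can read the repository can sign tokens that a deployment using this default would accept. Keep a non-functional placeholder in the file, e.g. `"SecurityKey": "<set via environment or secret store>"`, and load the real key from configuration outside the repository, generated from a cryptographic random source at 32 bytes or more. If either value was ever used beyond local development it should be rotated, since both remain in the commit history. The enclosing JSON section opens above the hunk, so its name and any other secrets in it are not visible here.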