Svetlana Kofman
Svetlana Kofman
@darakian , @leecow - regarding [CVE-2019-0545](https://github.com/advisories/GHSA-2xjx-v99w-gqf3) - https://www.nuget.org/packages/System.Net.Http doesn't have versions `2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6` with `2.17` being the fix. Those versions are valid only for https://www.nuget.org/packages/Microsoft.NETCore.App....
> Ok, just to double check you mean a change of the affected product from [System.NET.Http](https://www.nuget.org/packages/System.Net.Http) to [Microsoft.NETCore.App](https://www.nuget.org/packages/Microsoft.NETCore.App)? Yes, exactly.
@darakian , @leecow and I worked offline on CVE-2020-1045 and this is the full set of impacted packages (I updated the table above as well). CVE | Title | Announcement...
@darakian , that's right. Microsoft.AspNetCore.Owin doesn't have version 2.1.22. https://www.nuget.org/packages/Microsoft.AspNetCore.Owin 
Thank for reporting @lechacon ! @darakian , could you take a look pls?
@shelbyc , CVE-2019-0546 was provided by mistake here. There are no impacted packages here. Feel free to remove.
removing out of the Epic, since it covers only the MVP.
@nkolev92, since this is needed for an e2e experience (client perf improvement) we need to align priorities & schedules between the teams. i.e., how high is NuGet/Home#8058 on the client...
This is fixed now.
@dannyvv , thanks for the proposal! I will add this to our backlog. Please note that the team is busy working on other features, so if this is time sensitive,...