
Fix transitive MessagePack vulnerability in AI template AppHost projects #7561

Merged: adamsitnik merged 4 commits into main from copilot/try-reproduce-build-failure on Jun 15, 2026

Conversation

Copilot AI (Contributor) commented Jun 12, 2026

Template-generated AppHost projects fail restore with NU1903 because Aspire.Hosting.AppHost transitively pulls in MessagePack 2.5.192 (via StreamJsonRpc), which has a known high-severity vulnerability (GHSA-hv8m-jj95-wg3x).

The transitive dependency chain is:

Aspire.Hosting.AppHost → Aspire.Hosting → StreamJsonRpc 2.22.23 → MessagePack >= 2.5.192

StreamJsonRpc 2.22.23 declares a minimum floor of [2.5.192, ) for MessagePack, so NuGet resolves exactly 2.5.192 unless overridden. Upgrading Aspire alone doesn't fix this.

Changes

  • eng/packages/ProjectTemplates.props: Added MessagePack 2.5.301 (patched version)
  • AIChatWeb-CSharp.AppHost.csproj-in: Added direct PackageReference to MessagePack 2.5.301 to force NuGet to resolve the safe version over the vulnerable transitive minimum
  • Test snapshots: Added MessagePack reference in 3 verified snapshot .csproj files

fixes #7562

…rability (GHSA-hv8m-jj95-wg3x)

The Aspire.Hosting.AppHost package transitively depends on MessagePack
(via StreamJsonRpc). Version 13.0.0 pulled in MessagePack 2.5.192 which
has a known high severity vulnerability. Updating to Aspire 13.4.3
resolves this by using a patched transitive dependency chain.

Also updates CommunityToolkit.Aspire packages from 13.0.0-beta.444 to
13.4.0 (stable).

@adamsitnik adamsitnik (Member) left a comment

@copilot the CI keeps failing, have you run the tests locally?

Microsoft.Extensions.AI.Templates.Tests.AIChatWebExecutionTests.TestAllSupportedConfigurations

dotnet restore

Working Directory: D:\a_work\1\s\artifacts\ProjectTemplates\Microsoft.Extensions.AI.Templates\Sandbox\aichatweb\projects\AIChatWeb_oai_q_A_T_ID_F_net10\AIChatWeb_oai_q_A_T_ID_F_net10.AppHost
Local Shipping Path: D:\a_work\1\s\artifacts\packages\Release\Shipping
NuGet Packages Path: D:\a_work\1\s\artifacts\ProjectTemplates\Microsoft.Extensions.AI.Templates\Sandbox\packages

Command failed with non-zero exit code: 1

Standard Output:
Determining projects to restore...
Restored D:\a_work\1\s\artifacts\ProjectTemplates\Microsoft.Extensions.AI.Templates\Sandbox\aichatweb\projects\AIChatWeb_oai_q_A_T_ID_F_net10\AIChatWeb_oai_q_A_T_ID_F_net10.Web\AIChatWeb_oai_q_A_T_ID_F_net10.Web.csproj (in 575 ms).
Restored D:\a_work\1\s\artifacts\ProjectTemplates\Microsoft.Extensions.AI.Templates\Sandbox\aichatweb\projects\AIChatWeb_oai_q_A_T_ID_F_net10\AIChatWeb_oai_q_A_T_ID_F_net10.ServiceDefaults\AIChatWeb_oai_q_A_T_ID_F_net10.ServiceDefaults.csproj (in 575 ms).
D:\a_work\1\s\artifacts\ProjectTemplates\Microsoft.Extensions.AI.Templates\Sandbox\aichatweb\projects\AIChatWeb_oai_q_A_T_ID_F_net10\AIChatWeb_oai_q_A_T_ID_F_net10.AppHost\AIChatWeb_oai_q_A_T_ID_F_net10.AppHost.csproj : error NU1903: Warning As Error: Package 'MessagePack' 2.5.192 has a known high severity vulnerability, https://github.com/advisories/GHSA-hv8m-jj95-wg3x
Failed to restore D:\a_work\1\s\artifacts\ProjectTemplates\Microsoft.Extensions.AI.Templates\Sandbox\aichatweb\projects\AIChatWeb_oai_q_A_T_ID_F_net10\AIChatWeb_oai_q_A_T_ID_F_net10.AppHost\AIChatWeb_oai_q_A_T_ID_F_net10.AppHost.csproj (in 1.07 sec).

@copilot fix it, also post which package exactly depends on the vulnerable MessagePack

@dotnet-policy-service dotnet-policy-service Bot added the waiting-author-feedback 📭 The author of this issue needs to respond in order for us to continue investigating this issue. label Jun 12, 2026
…ty warning

The transitive dependency chain is:
Aspire.Hosting.AppHost → Aspire.Hosting → StreamJsonRpc >= 2.22.23 → MessagePack >= 2.5.192

StreamJsonRpc 2.22.23 declares a floor of MessagePack 2.5.192 which is
vulnerable (GHSA-hv8m-jj95-wg3x). Adding a direct PackageReference to
MessagePack 2.5.301 forces NuGet to resolve the patched version.

Copilot AI (Contributor, Author) commented Jun 12, 2026

@copilot the CI keeps failing, have you run the tests locally?

The vulnerable MessagePack 2.5.192 is pulled in via this transitive chain:

Aspire.Hosting.AppHost 13.4.3
  → Aspire.Hosting 13.4.3
    → StreamJsonRpc 2.22.23
      → MessagePack >= 2.5.192

StreamJsonRpc 2.22.23 declares a minimum floor of [2.5.192, ) for MessagePack, so NuGet resolves exactly 2.5.192 unless something else pushes it higher. Upgrading the Aspire packages alone doesn't fix this because StreamJsonRpc hasn't updated its minimum dependency.

Fixed by adding a direct PackageReference to MessagePack 2.5.301 (the patched version) in the AppHost template, which forces NuGet to resolve the safe version. See the 2nd commit in this PR.
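To make the resolution behaviour explained in the PR description and in the reply above concrete, here is an added Python model (not part of this PR, and not NuGet's own code) of NuGet's "lowest applicable version" and "nearest wins" rules over a constructed catalog of the packages named in this thread; the advisory table is likewise constructed from the versions quoted here.

```python
def parse_version(v):
    """'2.5.192' -> (2, 5, 192) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

# Constructed catalog: available versions and their dependency floors, i.e. ranges "[min, )".
CATALOG = {
    "Aspire.Hosting.AppHost": {"13.0.0": [("Aspire.Hosting", "13.0.0")],
                               "13.4.3": [("Aspire.Hosting", "13.4.3")]},
    "Aspire.Hosting": {"13.0.0": [("StreamJsonRpc", "2.22.23")],
                       "13.4.3": [("StreamJsonRpc", "2.22.23")]},
    "StreamJsonRpc": {"2.22.23": [("MessagePack", "2.5.192")]},
    "MessagePack": {"2.5.192": [], "2.5.301": []},
}

# Constructed advisory table: package -> (first fixed version, advisory id quoted in the PR).
ADVISORIES = {"MessagePack": ("2.5.301", "GHSA-hv8m-jj95-wg3x")}

def lowest_applicable(package, floor):
    """NuGet picks the lowest available version that satisfies the floor, not the newest."""
    for cand in sorted(CATALOG[package], key=parse_version):
        if parse_version(cand) >= parse_version(floor):
            return cand
    raise LookupError(f"no version of {package} satisfies [{floor}, )")

def resolve(direct_refs):
    """direct_refs: {package: version} as written in the .csproj PackageReference items."""
    resolved = dict(direct_refs)   # nearest wins: a direct reference is never lowered by a floor
    floors = {}                    # highest transitive floor seen so far per package
    queue, seen = list(direct_refs.items()), set()
    while queue:
        pkg, ver = queue.pop(0)
        if (pkg, ver) in seen:
            continue
        seen.add((pkg, ver))
        for dep, floor in CATALOG[pkg][ver]:
            if dep not in direct_refs and parse_version(floor) > parse_version(floors.get(dep, "0")):
                floors[dep] = floor
                resolved[dep] = lowest_applicable(dep, floor)
            queue.append((dep, resolved[dep]))
    return resolved

def nu1903_findings(resolved):
    """Mimic NU1903: report every resolved package that is below its advisory's fixed version."""
    findings = []
    for pkg, ver in resolved.items():
        if pkg in ADVISORIES and parse_version(ver) < parse_version(ADVISORIES[pkg][0]):
            findings.append((pkg, ver, ADVISORIES[pkg][1]))
    return findings
```

Calling resolve() with only Aspire.Hosting.AppHost (13.0.0 or 13.4.3) lands on MessagePack 2.5.192 and one finding, while adding the direct MessagePack 2.5.301 reference clears it; on a real project the equivalent check is `dotnet list package --vulnerable --include-transitive`.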

@dotnet-policy-service dotnet-policy-service Bot removed the waiting-author-feedback 📭 The author of this issue needs to respond in order for us to continue investigating this issue. label Jun 12, 2026
Copilot AI changed the title Update Aspire packages to 13.4.3 to fix transitive MessagePack vulnerability Fix transitive MessagePack vulnerability in AI template AppHost projects Jun 12, 2026
Copilot AI requested a review from adamsitnik June 12, 2026 18:06

@adamsitnik adamsitnik (Member) left a comment

@copilot Since the first commit does not help at all, revert it.

Copilot AI (Contributor, Author) commented Jun 12, 2026

@copilot Since the first commit does not help at all, revert it.

Reverted the Aspire version bumps from the first commit. The PR now only contains the MessagePack 2.5.301 pin which is what actually fixes the NU1903 vulnerability. See commit Revert Aspire version bumps; keep only MessagePack 2.5.301 pin to fix NU1903.

Copilot AI requested a review from adamsitnik June 12, 2026 18:43

@adamsitnik adamsitnik (Member) left a comment

@copilot mimic what you did in #7560 in order to make the CI green

@dotnet-policy-service dotnet-policy-service Bot added the waiting-author-feedback 📭 The author of this issue needs to respond in order for us to continue investigating this issue. label Jun 15, 2026

Copilot AI (Contributor, Author) commented Jun 15, 2026

@copilot mimic what you did in #7560 in order to make the CI green

Done — removed the XML comment from the template so it now matches PR #7560 exactly. The diff is now identical: just the MessagePack PackageReference line added without any comment.

@dotnet-policy-service dotnet-policy-service Bot removed the waiting-author-feedback 📭 The author of this issue needs to respond in order for us to continue investigating this issue. label Jun 15, 2026
Copilot AI requested a review from adamsitnik June 15, 2026 12:52
@dotnet-comment-bot (Collaborator) commented

‼️ Found issues ‼️

| Project | Coverage Type | Expected | Actual |
|---|---|---|---|
| Microsoft.Extensions.Diagnostics.Testing | Line | 99 | 98.65 🔻 |
| Microsoft.Extensions.Telemetry | Line | 93 | 91.95 🔻 |
| Microsoft.Extensions.AI | Line | 89 | 88.57 🔻 |
| Microsoft.Extensions.AI | Branch | 89 | 88.57 🔻 |
| Microsoft.Extensions.AI.OpenAI | Line | 75 | 62.65 🔻 |
| Microsoft.Extensions.AI.OpenAI | Branch | 75 | 49.63 🔻 |
| Microsoft.Extensions.DataIngestion.MarkItDown | Line | 75 | 4.46 🔻 |
| Microsoft.Extensions.DataIngestion.MarkItDown | Branch | 75 | 0 🔻 |
| Microsoft.Extensions.Diagnostics.ResourceMonitoring | Line | 99 | 96.03 🔻 |
| Microsoft.Extensions.Diagnostics.ResourceMonitoring | Branch | 99 | 94.39 🔻 |
| Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes | Line | 99 | 97.73 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Dns | Line | 75 | 68.32 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Abstractions | Line | 75 | 42.11 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Abstractions | Branch | 75 | 42.86 🔻 |
| Microsoft.Extensions.ServiceDiscovery | Line | 75 | 68.11 🔻 |
| Microsoft.Extensions.ServiceDiscovery | Branch | 75 | 71.43 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Yarp | Line | 75 | 73.85 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Yarp | Branch | 75 | 70 🔻 |
| Microsoft.Extensions.VectorData.Abstractions | Line | 75 | 37.39 🔻 |
| Microsoft.Extensions.VectorData.Abstractions | Branch | 75 | 22.73 🔻 |

🎉 Good job! The coverage increased 🎉
Update MinCodeCoverage in the project files.

| Project | Expected | Actual |
|---|---|---|
| Microsoft.Gen.BuildMetadata | 97 | 100 |
| Microsoft.Gen.MetadataExtractor | 57 | 73 |
| Microsoft.Gen.MetricsReports | 67 | 69 |
| Microsoft.Extensions.AI.Abstractions | 82 | 85 |
| Microsoft.Extensions.AI.Evaluation.NLP | 0 | 78 |
| Microsoft.Extensions.Caching.Hybrid | 82 | 84 |
| Microsoft.Extensions.DataIngestion | 75 | 89 |
| Microsoft.Extensions.DataIngestion.Markdig | 75 | 90 |
| Microsoft.Extensions.Http.Resilience | 97 | 100 |

Full code coverage report: https://dev.azure.com/dnceng-public/public/_build/results?buildId=1464515&view=codecoverage-tab

@adamsitnik adamsitnik marked this pull request as ready for review June 15, 2026 15:11
@adamsitnik adamsitnik requested review from a team as code owners June 15, 2026 15:11
Copilot AI review requested due to automatic review settings June 15, 2026 15:11

@adamsitnik adamsitnik (Member) left a comment

Merging to unblock the CI, will use microsoft/aspire#18204 once it's available.

@adamsitnik adamsitnik enabled auto-merge (squash) June 15, 2026 15:13

Copilot AI (Contributor) left a review comment

Pull request overview

This PR addresses a restore-blocking NU1903 vulnerability warning in template-generated AI AppHost projects by forcing NuGet to resolve a patched MessagePack version instead of the vulnerable transitive minimum pulled in via StreamJsonRpc.

Changes:

  • Added MessagePack 2.5.301 to the project-templates package version map (eng/packages/ProjectTemplates.props).
  • Pinned MessagePack as a direct dependency in the AI Chat Web AppHost template to override the transitive resolution.
  • Updated AI template integration test snapshots to reflect the new MessagePack package reference.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| eng/packages/ProjectTemplates.props | Defines MessagePack 2.5.301 for template version substitution. |
| src/ProjectTemplates/Microsoft.Extensions.AI.Templates/templates/AIChatWeb-CSharp/AIChatWeb-CSharp.AppHost/AIChatWeb-CSharp.AppHost.csproj-in | Adds a direct MessagePack PackageReference to pin a non-vulnerable version. |
| test/ProjectTemplates/Microsoft.Extensions.AI.Templates.IntegrationTests/Snapshots/aichatweb/aichatweb.o_q.verified/aichatweb/aichatweb.AppHost/aichatweb.AppHost.csproj | Snapshot updated to include MessagePack reference. |
| test/ProjectTemplates/Microsoft.Extensions.AI.Templates.IntegrationTests/Snapshots/aichatweb/aichatweb.A.verified/aichatweb/aichatweb.AppHost/aichatweb.AppHost.csproj | Snapshot updated to include MessagePack reference. |
| test/ProjectTemplates/Microsoft.Extensions.AI.Templates.IntegrationTests/Snapshots/aichatweb/aichatweb.A_aoai_aais.verified/aichatweb/aichatweb.AppHost/aichatweb.AppHost.csproj | Snapshot updated to include MessagePack reference. |

@dotnet-comment-bot (Collaborator) commented

‼️ Found issues ‼️

| Project | Coverage Type | Expected | Actual |
|---|---|---|---|
| Microsoft.Extensions.Diagnostics.Testing | Line | 99 | 98.65 🔻 |
| Microsoft.Extensions.Telemetry | Line | 93 | 91.95 🔻 |
| Microsoft.Extensions.AI | Line | 89 | 88.51 🔻 |
| Microsoft.Extensions.AI | Branch | 89 | 88.57 🔻 |
| Microsoft.Extensions.AI.OpenAI | Line | 75 | 62.65 🔻 |
| Microsoft.Extensions.AI.OpenAI | Branch | 75 | 49.63 🔻 |
| Microsoft.Extensions.DataIngestion.MarkItDown | Line | 75 | 4.46 🔻 |
| Microsoft.Extensions.DataIngestion.MarkItDown | Branch | 75 | 0 🔻 |
| Microsoft.Extensions.Diagnostics.ResourceMonitoring | Line | 99 | 96.03 🔻 |
| Microsoft.Extensions.Diagnostics.ResourceMonitoring | Branch | 99 | 94.39 🔻 |
| Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes | Line | 99 | 97.73 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Dns | Line | 75 | 69.93 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Abstractions | Line | 75 | 42.11 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Abstractions | Branch | 75 | 42.86 🔻 |
| Microsoft.Extensions.ServiceDiscovery | Line | 75 | 68.72 🔻 |
| Microsoft.Extensions.ServiceDiscovery | Branch | 75 | 71.43 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Yarp | Line | 75 | 73.85 🔻 |
| Microsoft.Extensions.ServiceDiscovery.Yarp | Branch | 75 | 70 🔻 |
| Microsoft.Extensions.VectorData.Abstractions | Line | 75 | 37.39 🔻 |
| Microsoft.Extensions.VectorData.Abstractions | Branch | 75 | 22.73 🔻 |

🎉 Good job! The coverage increased 🎉
Update MinCodeCoverage in the project files.

| Project | Expected | Actual |
|---|---|---|
| Microsoft.Gen.BuildMetadata | 97 | 100 |
| Microsoft.Gen.MetadataExtractor | 57 | 73 |
| Microsoft.Gen.MetricsReports | 67 | 69 |
| Microsoft.Extensions.AI.Abstractions | 82 | 85 |
| Microsoft.Extensions.AI.Evaluation.NLP | 0 | 78 |
| Microsoft.Extensions.Caching.Hybrid | 82 | 89 |
| Microsoft.Extensions.DataIngestion | 75 | 89 |
| Microsoft.Extensions.DataIngestion.Markdig | 75 | 90 |
| Microsoft.Extensions.Http.Resilience | 97 | 100 |

Full code coverage report: https://dev.azure.com/dnceng-public/public/_build/results?buildId=1464769&view=codecoverage-tab

@adamsitnik adamsitnik merged commit 7313f4a into main Jun 15, 2026
7 checks passed
@adamsitnik adamsitnik deleted the copilot/try-reproduce-build-failure branch June 15, 2026 16:41
jeffhandley added a commit that referenced this pull request Jun 15, 2026
Set SkipTests=true on Microsoft.Extensions.AI.Templates.Tests.csproj. The generated AppHost projects fail 'dotnet restore' with NU1903 because the transitive MessagePack 2.5.192 has a known vulnerability (GHSA-hv8m-jj95-wg3x). Tracked by #7562; fixed on main by #7561.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jeffhandley added a commit that referenced this pull request Jun 15, 2026
* Set release branch to stable versioning

* Skip AI.Templates integration tests in release branch

Set SkipTests=true on Microsoft.Extensions.AI.Templates.Tests.csproj. The generated AppHost projects fail 'dotnet restore' with NU1903 because the transitive MessagePack 2.5.192 has a known vulnerability (GHSA-hv8m-jj95-wg3x). Tracked by #7562; fixed on main by #7561.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>


Development

Successfully merging this pull request may close these issues.

Microsoft.Extensions.AI.Templates tests are failing
