+1Hello,
one of my customers is running CV 11.32.89 and .Net 8.0.406. Their Security Team discovered vulnerability in the current .Net version and advised to update to .NET_9.0_SDK_(v9.0.200)_x64. However, in the Commvault KB I see, that manual DotNet updates to another major version (e.g. 8->9) are generally not allowed:
Manual Upgrade of .NET Core Runtime
Could you please advise how the customer can proceed to handle the vulnerability?
Best regards,
Aleksandra
+5Hi Aleksandra,
Hope you’re doing well.
What is the specific vulnerability affecting the customer’s .NET Core 8.0.x deployment? EOS for 8.0.x is slated for November 2026 so I would assume a patch/workaround should be available for the current major release.
You are correct in that with Commvault 11.32 .NET 9.x is not supported. Only 8.0.x configurations are certified and we cannot guarantee functionality if an upgrade to 9.x were to be performed.
+1Hello Jon,
thank you very much for your detailed reply.
The customer did not inform about the exact vulnerability he discovered.
However, he is asking now, what would be the highest release of .NET 8.0.x version that they can safely update to.
Could you please advise on that?
Best regards,
Aleksandra
+5All minor versions of .NET 8.0.x are supported.
Update to the latest minor version of 8.0.x if that means the vulnerability has been included within a recent patch.
+1Hello Jon,
thank you very much for your support.
The issue has been resolved.
Best regards,
Aleksandra
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
