Released: Security updates for Microsoft.Data.SqlClient and System.Data.SqlClient


We have released security updates to supported versions of Microsoft.Data.SqlClient and System.Data.SqlClient. We recommend updating references to these versions as soon as possible.

A new security vulnerability was announced in the .NET SqlClient drivers that allows an attacker to silently bypass encryption in the connection between a client and a server. The details are discussed in the CVE:

CVE-2024-0056 – Security Update Guide – Microsoft – Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

We’ve released the following hotfix packages to address this important security issue:

Microsoft.Data.SqlClient 5.1.3 (release notes) (download) Microsoft.Data.SqlClient