We have released security updates to supported versions of Microsoft.Data.SqlClient and System.Data.SqlClient. It is recommended to update references to these versions as soon as possible.
A new security vulnerability was announced in the .NET SqlClient drivers that allows an attacker to silently bypass encryption in the connection between a client and a server. The details are discussed in the CVE:
We’ve released to following hotfix packages to address this important security issue:
Microsoft.Data.SqlClient 5.1.3 (release notes) (download) Microsoft.Data.SqlClient