Fixed an XML external entity (XXE) vulnerability.

Author: ravibpatel

AutoUpdater.NET/AutoUpdater.cs

@@ -462,8 +462,7 @@ private static void BackgroundWorkerDoWork(object sender, DoWorkEventArgs e)
                     }
                     else
                     {
-                        XmlDocument receivedAppCastDocument = new XmlDocument();
-
+                        XmlDocument receivedAppCastDocument = new XmlDocument {XmlResolver = null};
                         try
                         {
                             receivedAppCastDocument.Load(appCastStream);

AutoUpdater.NET/Properties/AssemblyInfo.cs

@@ -32,6 +32,6 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.5.7.0")]
-[assembly: AssemblyFileVersion("1.5.7.0")]
+[assembly: AssemblyVersion("1.5.8.0")]
+[assembly: AssemblyFileVersion("1.5.8.0")]
 [assembly: NeutralResourcesLanguageAttribute("en")]

AutoUpdater.NET/build/Autoupdater.NET.Official.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
     <metadata>
         <id>Autoupdater.NET.Official</id>
-        <version>1.5.7</version>
+        <version>1.5.8</version>
         <title>AutoUpdater.NET</title>
         <authors>RBSoft</authors>
         <owners>RBSoft</owners>

appveyor.yml

@@ -1,6 +1,6 @@
-version: 1.5.7.{build}
+version: 1.5.8.{build}
 environment:
-  my_version: 1.5.7
+  my_version: 1.5.8
   my_secret:
     secure: vbPRaZLQYpGPr4BrZZ4p6TofpSZMud+FKtlpqjgO8aA=
 skip_branch_with_pr: true