Closed jmprieur closed 2 years ago
bgavrilMS
commented
4 years ago I assume this is a major version upgrade?
We should not jump to 4.7.2, that seems excessive. I believe many of our customers are still on 4.6.x. 4.6.x should have better cypto support.
jmprieur
commented
4 years ago You're right @bgavrilMS that's a major version upgrade unless we provide an additional target (but why would we do that?)
henrik-me
commented
4 years ago Crypto support regardless of .net version is challenging and Wilson is our best way to mitigate those concerns.
IMO, we should consider what our netstandard min version can be, e.g. 2.1 and then we can set targets from that.
Additionally we still have one customer who haven't been able to move off net45.
All of this though should be considered for the next major version bump we are taking on the library.
bgavrilMS
commented
4 years ago We need to move to at least 4.6.1 to be able to work around cert issues, which are becoming very difficult to support.
bgavrilMS
commented
3 years ago @jmprieur - currently set to 4.6.1, please let me know if you have data related to others.
jmprieur
commented
3 years ago This is not information we have, @bgavrilMS. Let's go with 4.6.1.
bgavrilMS
commented
2 years ago This was done some time ago.
Is your feature request related to a problem? Please describe. Currently MSAL.NET proposes a net45 platform, however it’s out of support/not patched/does not use latest cryptography.
We should consider 4.7+ or 4.6 and up (because those library versions are free of known vulns and patched)
Describe the solution you'd like Change the .NET framework target to 4.7.2? Jm to look at service side telemetry to understand the impact