IdentityServer / IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
https://identityserver.io
Apache License 2.0
9.23k stars 4.02k forks source link

EntityFramework.Storage project update AutoMapper to version 12 so that it works with .NET 7. #5486

Closed Mani4k closed 2 years ago

Mani4k commented 2 years ago

Hello, I'm getting issues with IS4 running on .NET 7 It is easily resolved by updating AutoMapper to version 12 in the EntityFramework.Storage project. Can this be done please? The error is: GenericArguments[0], 'System.Char', on 'T MaxFloatT' violates the constraint of type 'T'.

AutoMapper team fixed this in version 12: https://github.com/AutoMapper/AutoMapper/issues/3988

Thanks

leastprivilege commented 2 years ago

Important update

This organization is not maintained anymore besides critical security bugfixes (if feasible). This organization will be archived when .NET Core 3.1 end of support is reached (3rd Dec 2022). All new development is happening in the new Duende Software organization.

The new Duende IdentityServer comes with a commercial license but is free for dev/testing/personal projects and companies or individuals making less than 1M USD gross annnual revenue. Please get in touch with us if you have any question.

twenzel commented 2 years ago

@Mani4k You may try my fork and build your own packages https://github.com/twenzel/IdentityServer4/tree/feature/UpdateNet7 or you grab a license and migrate to Duende IdentityServer (recommended)

SantosVictorero commented 2 years ago

Thanks @twenzel!

BTW @leastprivilege, last time I checked it's not 12/03/2022 yet.

IMHO, it will be better for your Duendes' marketing to leave this repository updated.

leastprivilege commented 2 years ago

This organization is not maintained anymore besides critical security bugfixes (if feasible).

Updating AutoMapper is not a security bug fix (though some might disagree ;))

SantosVictorero commented 2 years ago

Agreed, but I don't use AutoMapper; IdentityServer4.EntityFramework.Storage.csproj does:

https://github.com/SantosVictorero/IdentityServer4-7/blob/feature/UpdateNet7/src/EntityFramework.Storage/src/IdentityServer4.EntityFramework.Storage.csproj

Probably it was fixed because of a security problem. ;-)

MCKanpolat commented 2 years ago

Every new .Net release includes security fixes. No one expects a new feature to be added to this project but should support Net 7.

leastprivilege commented 2 years ago

Every new .Net release includes security fixes. No one expects a new feature to be added to this project but should support Net 7.

We announced over 2 years ago that we stop working on this code base unless a critical security bug in our code needs to be fixed. This repo will be archived in 3 weeks. Time to move on.

The new code base lives here: https://github.com/DuendeSoftware/IdentityServer

..and there is a free license if that's what is holding back. https://duendesoftware.com/products/communityedition

MCKanpolat commented 2 years ago

Every new .Net release includes security fixes. No one expects a new feature to be added to this project but should support Net 7.

We announced over 2 years ago that we stop working on this code base unless a critical security bug in our code needs to be fixed. This repo will be archived in 3 weeks. Time to move on.

The new code base lives here: https://github.com/DuendeSoftware/IdentityServer

..and there is a free license if that's what is holding back. https://duendesoftware.com/products/communityedition

Thanks, if i'm going to spend some time for migration, my preference is to finding a new alternatives.

SantosVictorero commented 2 years ago

@leastprivilege The concern, many people like me have, it is not about free or money, but what happens if you change the rules in the middle of the game, again! When we build a customized solution for a client, they expect us to keep it current and updated. I can not tell them: Sorry Microsoft updated their framework but Dominic wants $12, 000.00 to update his thing, so I have to increase your support fee.

twenzel commented 2 years ago

@SantosVictorero But you cannot expect doing work for free. It‘s the „risk“ of using a free Open Source library. The owner/maintainer can stop maintain its project out of the sudden. You don’t have a (service) contract with them to force them to update it regularity. Dominik and Brock were kind to announce the retirement of this library long ago (years).

The used license allows you to fork and maintain the code on your own (please respect the license details). But you won‘t get any new features unless you put a huge amount of time to unterstand the specs (respect to @leastprivilege and @brockallen ) and build up wisdom in the Security domain.

leastprivilege commented 2 years ago

but what happens if you change the rules in the middle of the game, again!

You are raising a very good point here. With a real company and a real license/contract you can negotiate things like this just like with any other vendor you have. And we are happy to give you reasonable guarantees.

If you depend on someone's hobby project, you will not get any guarantees whatsoever.

SantosVictorero commented 2 years ago

BTW, I didn't know that Identity Server was a "hobby project"!

If I knew that, I had done something of my own. I have been building "hobbies" for the past 40 years. 8-)

https://www.nuget.org/packages?q=cyberbizsoft

cnblogs-dudu commented 2 years ago

I am trying to upgrade IdentityServer4 to .NET 7. The CI has passed. See https://github.com/cnblogs/IdentityServer4/pull/1

cnblogs-dudu commented 2 years ago

AutoMapper has been updated in Cnblogs.IdentityServer4.EntityFramework.Storage

brockallen commented 2 years ago

BTW, I didn't know that Identity Server was a "hobby project"!

Not to put words in Dominick's mouth, but I think his use of that term means that this is a project we worked on in our free time outside of our normal work hours, which included nights, weekends, and holidays. Formal support is not something we contractually agreed to do with just anyone because they happened to use our code or our NuGet package.

We did offer to do our best to support things up to a point, but after several years of significant, and non-trivial unpaid effort we announced that we'd end free work on this repo and replace it with a new organization intended to provide sustainable and ongoing development, upgrades, maintenance, samples, documentation, and support in exchange for a license fee. That announcement was more than two years ago, and we assumed that would be enough time for anyone depending on this library to plan accordingly.

As a bridge (or a stopgap depending on your situation), we did say we'd patch any security vulnerabilities that came up within the transition period (if feasible) on this old code base. Fortunately none have been reported or been made known to us.

But for future use on updated platforms from Microsoft, the Duende version is the successor.