System.Security.Cryptography.Xml@4.4.0 security vulnerability from Microsoft.AspNetCore.Mvc.Razor@2.0.0

[gh5692]

Any plans to update Microsoft.AspNetCore.Mvc.Razor to address this security vulnerability?

MiniProfiler.AspNetCore.Mvc@4.2.22 › Microsoft.AspNetCore.Mvc.Razor@2.0.0 › Microsoft.AspNetCore.Mvc.ViewFeatures@2.0.0 › Microsoft.AspNetCore.Antiforgery@2.0.0 › Microsoft.AspNetCore.DataProtection@2.0.0 › System.Security.Cryptography.Xml@4.4.0

https://github.com/dotnet/announcements/issues/67 https://www.cve.org/CVERecord?id=CVE-2018-0765

[NickCraver]

The next version (4.3) will drop support for very out of date/unsupported versions of ASP.NET Core and minimize dependencies for the net6.0+ versions (including this issue). Here's the changes that are going in: #637.

If for some reason you are on the very old frameworks, you can update these references to any versions you like that are compatible - NuGet dependencies are purely minimums and not enforcements so you are free to upgrade :)

[cafedo]

The next version (4.3) will drop support for very out of date/unsupported versions of ASP.NET Core and minimize dependencies for the net6.0+ versions (including this issue). Here's the changes that are going in: #637.

If for some reason you are on the very old frameworks, you can update these references to any versions you like that are compatible - NuGet dependencies are purely minimums and not enforcements so you are free to upgrade :)

Ok nice! Do you know more or less a range of time when the release 4.3 will be release?

[NickCraver]

Tidying up older issues - this is on NuGet now :)