[Runtime] [development-branch] ImageSharp version vulnerability

ProwlEngine / Prowl

An Open Source C# 3D Game Engine under MIT license, inspired by Unity and featuring a complete editor

MIT License

447 stars 37 forks source link

[Runtime] [development-branch] ImageSharp version vulnerability #146

Closed brmassa closed 2 months ago

brmassa commented 2 months ago

As described in https://github.com/advisories/GHSA-65x7-c272-7g7r, SixLabors.ImageSharp 's versions below 2.1.7 and/or 3.1.3 have a vulnerability flaw.

Updated to the latest version (which jumps from 2.1.3 to 3.1.5). Also, update:

NuGet.Protocol.* to 6.11.0
Silk.NET.OpenAL.Soft.Native to 1.23.1

michaelsakharov commented 2 months ago

Switched it to 2.1.9 due to the ImageSharp.Textures package we use is incompatible with anything beyond 2.1. We use ImageSharp.Textures for DDS format support.