no vulnerability free version for netstandard or netframework 4.7

[ispysoftware]

Prerequisites

• [X] I have written a descriptive issue title
• [X] I have verified that I am running the latest version of ImageSharp
• [X] I have verified if the problem exist in both DEBUG and RELEASE mode
• [X] I have searched open and closed issues to ensure it has not already been reported

ImageSharp version

3.1.3

Other ImageSharp packages and versions

2.1.6

Environment (Operating system, version and so on)

Windows 64

.NET Framework version

NetFramework 4.7.2

Description

We're stuck on imagesharp 2.1.6 as it's the last update that supports net framework 4.7.2 which our application uses for various windows specific reasons. Now that's been marked as vulnerable we have no upgrade path except to remove it or rewrite our entire application for net 6 which isn't an option because of various missing pieces. Are there any plans to patch the 2.x versions with the vulnerability fix and release a 2.1.7? Otherwise this is a show-stopper for net framework applications.

Steps to Reproduce

Use 2.1.6 - vulnerability flagged in nuget - can't update to 3.3 as net 6 only

Images

No response

[dlemstra]

Closing this as a duplicate of #2686.