aardvark-platform / aardvark.base

Aardvark.Base is the foundation of the open-source Aardvark Platform for visual computing, real-time graphics, and visualization.
https://aardvarkians.com/
Apache License 2.0

Vulnerability in ImageSharp dependency #82

Closed madorjan closed 3 months ago

madorjan commented 9 months ago

The currently used SixLabors.ImageSharp version has a vulnerability, which produces the following compiler warning: NU1903 Warning As Error: Package 'SixLabors.ImageSharp' 2.1.6 has a known high severity vulnerability, https://github.com/advisories/GHSA-65x7-c272-7g7r

SixLabors.ImageSharp should be updated to 3.1.3.

hyazinthh commented 9 months ago

ImageSharp 3 has a less permissive license requiring payment for commercial projects IIRC. I'm not sure if this is an option for commercial projects using Aardvark.

https://github.com/SixLabors/ImageSharp/blob/main/LICENSE

madorjan commented 8 months ago

According to the license text, indirect usage of ImageSharp falls under the Apache 2.0 license. If I understand this correctly, for commercial Aardvark users that don't use ImageSharp directly, no license changes should happen.

hyazinthh commented 8 months ago

That's how I understand it as well. Back then we had some concerns, but I don't remember the details. It's probably fine as it is worded.

hyazinthh commented 8 months ago

Apparently, they backported the fix and released 2.1.7. You should be able to use that without requiring a new Aardvark.Base version. Still, it might be a good idea to move to 3.X eventually.

Edit: ImageSharp 3.X only supports .NET >= 6

madorjan commented 8 months ago

OK, then I think an update to 2.1.7 would be sufficient 👍
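The version floors discussed in this thread (2.1.7 on the 2.x line, 3.1.3 on 3.x) turned into a project-file check, added here as an example and not code from the issue or from the Aardvark project; the sample csproj is constructed, and the `PATCHED_FLOORS` table and function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Minimum patched versions per major line, as stated in the thread:
# the fix for GHSA-65x7-c272-7g7r was backported to 2.1.7; the 3.x fix is 3.1.3.
PATCHED_FLOORS = {2: (2, 1, 7), 3: (3, 1, 3)}
PACKAGE = "SixLabors.ImageSharp"


def parse_version(text):
    """Turn '2.1.6', '2.1.6-beta' or a NuGet range like '[2.1.6, 3.0)' into a
    comparable tuple of ints (for a range, the lower bound is used)."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def imagesharp_is_patched(version):
    """True if the ImageSharp version is at or above the patched floor for its major line.
    Major lines without a known floor (e.g. 1.x) are treated as unpatched."""
    v = parse_version(version)
    floor = PATCHED_FLOORS.get(v[0])
    return floor is not None and v >= floor


def find_unpatched(csproj_xml):
    """Return [(package, version)] for ImageSharp references below the patched floor."""
    root = ET.fromstring(csproj_xml)
    findings = []
    for ref in root.iter("PackageReference"):
        if (ref.get("Include") or ref.get("Update")) != PACKAGE:
            continue
        version = ref.get("Version")
        if version is None:  # version may also be given as a child element
            ver_el = ref.find("Version")
            version = ver_el.text.strip() if ver_el is not None and ver_el.text else None
        if version is None or not imagesharp_is_patched(version):
            findings.append((PACKAGE, version))
    return findings


# Constructed sample project file, not taken from the Aardvark repository.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="SixLabors.ImageSharp" Version="2.1.6" />
    <PackageReference Include="FSharp.Core" Version="8.0.100" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for pkg, ver in find_unpatched(SAMPLE_CSPROJ):
        print(f"{pkg} {ver}: below patched floor, update to 2.1.7 (2.x) or 3.1.3 (3.x)")
```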