Open Moritzschmidt opened 7 years ago
This is not the correct repository for feedback. Please use the discussion thread over here instead: https://github.com/aspnet/Mvc/issues/6246
The original announcement does explain this under the After updating your direct dependencies header:
To fix this, edit the version for the expected package to be the version expected by updating your csproj or project.json in the same way that you used to update the vulnerable package versions.
So in this case, since the error mentioned “expected Microsoft.AspNetCore.Routing >= 1.0.4”, you would have to update the package to 1.0.4
or greater.
Also, please do not post issues in this repository. It is solely meant for announcements and not for discussion of said announcements.
Hello, My application is an
ASP.NET Core 1.0 Web API
.According to the Microsoft Security Advisory 4021279, I wanted to update the direct dependicies of my project.
In the
MyClassName.csproj
is the following line:<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.0.3" />
which I change to:
<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.0.4" />
because the version
1.0.0
,1.0.1
,1.0.2
,1.0.3
1.1.0
,1.1.1
,1.1.2
of Microsoft.AspNetCore.Mvc are not save to use.If I then try to run the project, Iam getting the following errormessage:
The post on Git also says
As you can see Iam not getting this error message. However, I was able to fix the error by updating the package
Microsoft.AspNetCore.Routing
to1.0.4
.This should maybe added to the post.