search

autofac / Autofac.Mvc

ASP.NET MVC integration for Autofac
MIT License
49 stars 23 forks source link

Upgrade Microsoft.AspNet.Mvc version from 5.10 to a greater version #41

Open dash-ravikhoda opened 1 year ago

dash-ravikhoda commented 1 year ago

Problem Statement

Currently Autofac.Mvc using Microsoft.AspNet.Mvc version 5.10 which is outdated.

Desired Solution

Upgrade Microsoft.AspNet.Mvc to latest version.

Alternatives You've Considered

Additional Context

tillig commented 1 year ago

Is this something that can't be fixed by adding the reference to your project or is something broken that would be fixed by this? We generally don't update for the sake of updating.

dash-ravikhoda commented 1 year ago

@tillig Thanks for the quick update. I am requesting this as one of the security scan tools suggested that Microsoft.AspNet.MVC version 5.10 has a vulnerability of cross-site scripting which can be fixed by updating the latest Nuget package in my project.

When I checked my project, I found that Autofac.MVC is using Microsoft.AspNet.MVC version 5.10.

tillig commented 1 year ago

Have you tried adding a direct reference to the newer Microsoft.AspNet.Mvc in your project? You should be able to do that and resolve it with no change to Autofac integration.

dash-ravikhoda commented 1 year ago

Yes, I did. But it still shows the issue with the Autofac only.

tillig commented 1 year ago

This seems like a bug in your security scanning software. If you reference both the Autofac package and the updated MVC package, your app will run with the update, not the old version. It shouldn't be scanning the Autofac package in isolation.