Comments (20)
There's lots of software running imagesharp that is using net framework 4.7.2 and has not been ported to net 6
Yes, there may well be, however.
Almost nobody contributes code
Almost nobody purchases licenses
If they had and it was possible to actually maintain the libraries to a degree that would allow me to actually either earn a living working on them or pay others to assist then there would be more comprehensive support.
Ideally there'd be net standard 2 compatible builds of 3.x
See
#2378 regarding discussions around target frameworks.
from imagesharp.
Do not abuse the issue tracker like this.
from imagesharp.
I see. I need to support .NET Standard 2.0 libraries that cannot upgrade to 3.x. Because 3.x no longer supports .NET Standard 2.0, it seemed reasonable to at least request CVE backports, at least for some time.
from imagesharp.
That didn't involve any funding though.
Anyway... The fix has been backported.
from imagesharp.
It's really not relevant to this repository at all now. The package is published and explicitly marked as safe.
from imagesharp.
@JimBobSquarePants There's lots of software running imagesharp that is using net framework 4.7.2 and has not been ported to net 6 (and it isn't possible to port some of it due to missing feature sets on windows). Net framework 4.7.2 is LTS to 2032. Can't add a reference to net 6 from a 4.7.2 full framework application. Ideally there'd be net standard 2 compatible builds of 3.x
from imagesharp.
Delete your .vs folder. If that doesn't work, try deleting your local NuGet cache.
If that doesn't work I'd suggest reporting the issue to Microsoft as everything is correctly marked at the source.
from imagesharp.
My apologies. Why is this abusing the issue tracker?
from imagesharp.
Please see the highlighted checkbox
v2.1.6 is a full major version behind the latest stable release v3.1.3. As such, your completion of this is incorrect. v3.0.0 was released over one year ago and I am actively working on v4 now. You should upgrade your working version to the latest release.
from imagesharp.
Understood, sorry i had the distinct impression this was Microsoft sponsored for some reason.
from imagesharp.
Thanks all for the discussion.
I think there's a difference between active new feature support and CVE backports. But regardless.
My current use of ImageSharp is to read image dimensions from certain images. The simplest path for me is to switch to something else that supports the platforms I currently need to target. It looks like SkiaSharp has that basic functionality, so I'll be switching to that.
from imagesharp.
Understood, sorry i had the distinct impression this was Microsoft sponsored for some reason.
At one time, ImageSharp was part of the .NET Foundation. Not the case anymore. See https://dotnetfoundation.org/news-events/detail/update-on-imagesharp if you want their take on it.
from imagesharp.
Thanks @JimBobSquarePants it's much appreciated.
I tried the updated version but i'm still getting a warning in visual studio
from imagesharp.
Thanks @JimBobSquarePants it's much appreciated. I tried the updated version but i'm still getting a warning in visual studio
NuGet doesn't show an advisory - have you rebuilt the project and/or refreshed your NuGet feed?
from imagesharp.
@tiesont yes i've tried turning it off and on again and everything. Clean/ Rebuild, Restart etc.
It's weird as it doesn't say "Vulnerable" in the Version dropdown in package manager but does in the solution explorer
from imagesharp.
cleared the nuget cache via Tools > NuGet Package Manager > Package Manager Console
deleted .vs folder
still shows as vulnerable
created an entirely new project and referenced 2.1.7 - shows as vulnerable in solution explorer
tried it on another pc - same results
maybe someone else wants to try it?
from imagesharp.
cleared the nuget cache via Tools > NuGet Package Manager > Package Manager Console deleted .vs folder still shows as vulnerable
created an entirely new project and referenced 2.1.7 - shows as vulnerable in solution explorer tried it on another pc - same results
maybe someone else wants to try it?
I see the same behavior, but like @JimBobSquarePants says, this is 99.999% likely to be a Visual Studio or Nuget Package Manager bug, not an issue with ImageSharp.
from imagesharp.
ok thanks for confirming - maybe it'll resolve itself / some cache somewhere needs to reset.
from imagesharp.
There must be something VS uses that caches the vulnerability list. I can install the version fine and as you say is doesn't show as vulnerable in the package manager but yes it shows as vulnerable in the dependencies. I would definitely raise this upstream.
from imagesharp.
Would this be worth adding as a new discussion here, just to have a place to direct this conversion that isn't polluting this particular issue?
I'm currently looking in the issue tracker for the NuGet client tools to see if it's been reported yet, regardless.
from imagesharp.
Related Issues (20)
- Unable to generate a thumbnail as expected HOT 10
- CR2: System.NotSupportedException: Missing SOI marker offset for tiff with old jpeg compression HOT 2
- NullReferenceException when trying to load an animated PNG HOT 1
- Black Background after resizing in the latest version. HOT 4
- AccessViolationException and hard crash with animated webp HOT 8
- Simple conversion of Tiff file to PNG or JPG generates a strange result, even, at certain times, it is in 3D perspective HOT 6
- no vulnerability free version for netstandard or netframework 4.7 HOT 1
- Cannot update to v2.1.7 due to vulnerability tag HOT 4
- Exception SixLabors.ImageSharp.ImageFormatException: 'reserved bytes should be zero' when using Image.LoadAsync HOT 7
- Exif rotation and save HOT 4
- Error SixLabors.ImageSharp.ImageFormatException: 'Unexpected chunk followed VP8X header' HOT 3
- File (detected as bmp) fails to open, consumes a lot of memory HOT 4
- regression on latest.. 3 vs 2 with GIF HOT 6
- APNG Decoder incorrectly handles frame offsets and dispose previous with blend over HOT 3
- Hard crash (Internal CLR error) with corrupt PNG image HOT 3
- File conversion from jpg to webp changes colors of the image HOT 1
- Malicious hand-crafted PNG can be used to trigger DOS attack HOT 14
- I have encountered a bug with heigh and width of image HOT 4
- Missing Separable Blending Modes? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from imagesharp.