Skip to content

System.Text.Encodings.Web 6.0.0 vulnerability through Microsoft.Extensions.DependencyModel dependency #675

Description

@MartaKolodziejska

Description:
Castle.Windsor 6.0.0 currently depends on Microsoft.Extensions.DependencyModel which pulls System.Text.Encodings.Web 6.0.0. This version has known security vulnerabilities and is incompatible with .NET 8 best practices.

Expected behavior:
For .NET 8 projects, Castle.Windsor should use System.Text.Encodings.Web 8.0.x

Current dependency chain:
Castle.Windsor 6.0.0 → Microsoft.Extensions.DependencyModel → System.Text.Encodings.Web 6.0.0

Environment:

  • .NET 8.0
  • Castle.Windsor 6.0.0

Suggested fix:
Update Microsoft.Extensions.DependencyModel to version 8.0.x

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions