Update BouncyCastle.Cryptography to 2.3.1 #1032

Closed
SerhiyBalan opened this issue May 16, 2024 · 3 comments

@SerhiyBalan

Hello

The BouncyCastle.Cryptography developers released an update that fixes medium-priority security vulnerabilities:

  • TLS: Fixed timing side-channel for RSA key exchange (CVE-2024-30171 – “The Marvin Attack”).
  • EdDSA: Fixed verification infinite loop (regression in 2.1.0) (CVE-2024-30172).
  • EC: Restricted m value in F2m curves (CVE-2024-29857).

Please update MimeKit/MailKit when you have some free time

Thank you for your hard work

@jstedfast
Owner

Already did, but I am waiting on 2.4.0 for another fix that I've done to MimeKit that currently depends on 2.4.0-beta61

@jstedfast
Owner

Here's my current plan:

I just poked Peter Dettman from BouncyCastle to see if he's planning a 2.4.0 release in the very short term.

If he's planning to make that release soon, I'll wait and push a new MimeKit that depends on >= 2.4.0 as soon as he makes his release.

If not, I will revert the fixes that depend on 2.4.0-beta61 and make a new release that depends on BouncyCastle >= 2.3.1 and then release a new version that depends on >= 2.4.0 as soon as that becomes available.

@jstedfast
Owner

Released 4.6.0
