Vulnerability in ImageSharp dependency #82
Comments
|
ImageSharp 3 has a less permissive license requiring payment for commercial projects IIRC. I'm not sure if this is an option for commercial projects using Aardvark. |
|
According to the license text, indirect usage of ImageSharp falls under the Apache 2.0 license. If I understand this correctly, for commercial Aardvark users that don't use ImageSharp directly, no license changes should happen. |
|
That's how I understand it as well. Back then we had some concerns, but I don't remember the details. It's probably fine as it is worded. |
|
Apparently, they backported the fix and released 2.1.7. You should be able to use that without requiring a new Aardvark.Base version. Still, it might be a good idea to move to 3.X eventually. Edit: ImageSharp 3.X only supports .NET >= 6 |
|
OK, then I think an update to 2.1.7 would bei sufficient 👍 |
The currently used SixLabors.ImageSharp version has a vulnerability, which produces following compiler warning:
NU1903 Warning As Error: Package 'SixLabors.ImageSharp' 2.1.6 has a known high severity vulnerability, https://github.com/advisories/GHSA-65x7-c272-7g7rSixLabors.ImageSharp should be updated to 3.1.3.
The text was updated successfully, but these errors were encountered: