Version 4.8.1 release
I am pleased to announce the release of CSLA .NET version 4.8.1.
🛑 🔐 Security warning: This version of CSLA .NET allows the use of
WcfProxy.WcfProxyuses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid usingWcfProxyor upgrade to CSLA 6 or higher where this issue does not exist.
🛑 This is a big change, because I was able to eliminate the CSLA-Core-NS package. If you are using the CSLA-Core-NS package you will need to remove that reference and add a reference to the CSLA-Core package.
⚠ If you have any custom rules (subclass of BusinessRule or implement IBusinessRule you will need to update all Execute methods to accept an IRuleContext parameter instead of a RuleContext parameter.
There are a number of other changes and bug fixes including:
From 4.8.1:
- #946 Fix NullReferenceException in DataPortalException.BusinessException
From 4.8.0:
- #927 Eliminate
CSLA-Core-NSpackage 🛑 - #703 Allow use of
BinaryFormatterin .NET Standard 2.0 and .NET Core - #344 Stop caching
DisplayNamevalue so localization works as expected ⚠ - #344 Ensure string properties default to
String.Emptynotnull⚠ - #827 Eliminate
NullReferenceExceptioninRule.Complete⚠ - #340 Enable per-type authz rules when passing interface types to the data portal
- #917 Fix issue with non-default timeout in
HttpProxy - #635 Move wiki to the
/docsdirectory so it is part of the repo - #650 Better exception when incorrect CslaDataPortalProxy is specified
- #938 Simplify version numbering so we can start using semver
- #914 WARNING 0xdef01051 No default or neutral resource given for UWP
You can see all the closed work items in GitHub.
💡 After this release I'll start officially using the semver (semantic versioning) concept, so breaking changes will be more clearly noted via version changes. In this release I've started that process by using a .0 instead of .100 for the patch number.