-
-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security question(s) regarding BinaryFormatter #49
Comments
I think the problem is primarily related to the use of netstandard2.0 in the common project. Because of this, the netstandard2.0 version of the library with BinaryFormatter will be used by default. |
@HavenDV Thank you for your reply! I switched the common project to
With Just letting you know. It's actually not my biggest concern since I can force use of |
Perhaps you are using the latest stable version instead of the latest prerelease version? |
Yes! Missed that part. With client = new PipeClient<PipeMessage>(pipeName); Thanks a lot!! So, can you please assure, that with prerelease (or when using |
Yes, you can double-check this by ensuring that you will not use the H.Formatters.BinaryFormatter library - this should be absent in transitive dependencies and after the application is deployed in the list of files. |
Thank you very much!! |
Hi, first of all let me say thanks for you great project!
I've seen in #42 that you switched away from
BinaryFormatter
toSystemTextJsonFormatter
.Nevertheless, in my
.NET 8
app, I'm still getting errors (as in #42) with this sample code, so I have to specifySystemTextJsonFormatter
explicitly to get rid of errors:BinaryFormatter
is still a default formatter, and one should specifySystemTextJsonFormatter
explicitly? Or am I doing something wrong?BinaryFormatter
is not used anywhere in the compiled app? (so this does not apply any more...)The text was updated successfully, but these errors were encountered: