Should package version match assembly version? #3587
I've updated NH in my solution to 5.5.2 to address the recent vulnerabilities, but it appears the assembly is still marked as 5.5.0 (for package 5.5.2). 5.4.9 is marked as 5.4.0. Since this vulnerability is only fixed in these specific patch versions, shouldn't the assembly be updated to indicate that?
Replies: 1 comment
No, it should not. It allows the patched assembly to be used as a dropped-in replacement, without recompiling the consuming applications, especially with .Net Framework. See this StackOverflow answer and other answers to the question, for more on the subject.
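Because the assembly version stays at the minor-release value, confirming that a deployment actually carries the patched build means reading the file-version resource instead. The following PowerShell audit is an added example, not code from the NHibernate project or from the posters above; it assumes the patched DLL records the package version (5.5.2, 5.4.9) in its file version, and the function name `Get-NHibernateVersionReport` and the parameter names are hypothetical.

```powershell
# Added example: audit deployed NHibernate.dll copies by file version.
# Assumption: patched builds record the package version in the file-version
# resource while the assembly version stays at x.y.0.0.
param(
    [string]$Root = '.',
    # Minimum patched version per release line (values from the question above).
    [hashtable]$MinPatched = @{ '5.5' = [version]'5.5.2'; '5.4' = [version]'5.4.9' }
)

function Get-NHibernateVersionReport {
    param([string]$Path, [hashtable]$MinPatched)

    Get-ChildItem -Path $Path -Recurse -Filter 'NHibernate.dll' -File | ForEach-Object {
        # Identity the runtime binds against; unchanged across patch releases.
        $asmVersion = [System.Reflection.AssemblyName]::GetAssemblyName($_.FullName).Version

        # File-version resource (AssemblyFileVersion), reduced to major.minor.build.
        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
        $fileVersion = [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart)

        # Compare against the minimum patched build of the same release line.
        $line = '{0}.{1}' -f $fileVersion.Major, $fileVersion.Minor
        if (-not $MinPatched.ContainsKey($line)) {
            $status = 'UnknownLine'
        } elseif ($fileVersion -ge $MinPatched[$line]) {
            $status = 'Patched'
        } else {
            $status = 'NeedsUpdate'
        }

        [pscustomobject]@{
            Path            = $_.FullName
            AssemblyVersion = $asmVersion
            FileVersion     = $fileVersion
            Status          = $status
        }
    }
}

Get-NHibernateVersionReport -Path $Root -MinPatched $MinPatched | Format-Table -AutoSize
```

Any row with `Status` other than `Patched` is a copy to replace or investigate, regardless of what `AssemblyVersion` shows.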