Releases: LuckyPennySoftware/AutoMapper
v15.1.3
What's Changed
- Fix GHSA-rvv3-g6hj-g44x: default MaxDepth of 64 for self-referential types (15.x backport) by @jbogard in #4619
Security
Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.
Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.
Users should upgrade to this release.
Security advisory: GHSA-rvv3-g6hj-g44x
Thanks to @skdishansachin for responsibly disclosing this issue.
Full Changelog: v15.1.0...v15.1.3
Contributors
Assets 2
v16.1.1
What's Changed
- Better async handling of license validation; fixes #4612 by @jbogard in #4613
- More artifacts for builds (test results and SBOM) by @jbogard in #4615
- Update Microsoft.Sbom.DotNetTool to 4.1.5 by @jbogard in #4616
Security
Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.
Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.
Users should upgrade to this release.
Security advisory: GHSA-rvv3-g6hj-g44x
Thanks to @skdishansachin for responsibly disclosing this issue.
Full Changelog: v16.1.0...v16.1.1
Contributors
Assets 2
v15.1.2
What's Changed
- docs: Document duplicate license message behavior and fixes by @Copilot in #4617
Security
Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.
Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.
Users should upgrade to this release.
Security advisory: GHSA-rvv3-g6hj-g44x
Thanks to @skdishansachin for responsibly disclosing this issue.
Full Changelog: v16.1.1...v15.1.2
Contributors
Assets 2
v15.1.1
What's Changed
- docs: Document duplicate license message behavior and fixes by @Copilot in #4617
Security
Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.
Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.
Users should upgrade to this release.
Security advisory: GHSA-rvv3-g6hj-g44x
Thanks to @skdishansachin for responsibly disclosing this issue.
Full Changelog: v16.1.1...v15.1.1
Contributors
Assets 2
v16.1.0
What's Changed
- Add Debug and Release build configurations to slnx by @Copilot in #4590
- Migrating to slnx by @jbogard in #4589
- Allow disabling of polymorphic LINQ mapping by @jbogard in #4596
- Fix duplicate BOM in ServiceCollectionExtensions.cs by @Copilot in #4600
- Fix review feedback: double semicolon, DI condition integration test, docs example by @Copilot in #4601
- Adding DI-enabled conditions and pre-conditions; updated docs accordi⦠by @jbogard in #4599
- Adding support for DI-enabled destination factories. by @jbogard in #4603
- Correctly converting nullables for MapAtRuntime; fixes #4597 by @jbogard in #4604
- Correctly handling consecutive uppercase characters; fixes #4593 by @jbogard in #4605
- Wrapping the exception to provide better feedback to the user; fixes β¦ by @jbogard in #4606
- Fixing bug around order of open generic registration by @jbogard in #4607
- Adding perpetual licensing by @jbogard in #4608
New Contributors
- @Copilot made their first contribution in #4590
Full Changelog: v16.0.0...v16.1.0
Contributors
Assets 2
v16.0.0-beta-1
What's Changed
Full Changelog: v15.1.0...v16.0.0-beta-1
This release is a beta release that introduces .NET 10 support and package signing. Signed packages means going forward packages can be validated against trusted authorities that the package has been published by Lucky Penny Software and not tampered with.
Contributors
Assets 2
v16.0.0
What's Changed
Full Changelog: v15.1.0...v16.0.0
Contributors
Assets 2
v15.1.0
What's Changed
- remove Microsoft.SourceLink.GitHub by @SimonCropp in #4555
- Direct .NET 4.x support by @jbogard in #4569
- Bumping the JsonWebTokens because of GHSA-8g4q-xg66-9fp4; fixes #4575 by @jbogard in #4576
- Provide better exceptions for errors when building the mapping plan by @jbogard in #4577
- Adding docs for license configuration by @jbogard in #4581
- Updating refs to fix missing method issue by @jbogard in #4582
New Contributors
- @SimonCropp made their first contribution in #4555
Full Changelog: v15.0.1...v15.1.0
Contributors
Assets 2
v15.0.1
What's Changed
- Removing public signing; fixes #4545 by @jbogard in #4552
- Adding back missing overloads and reverting registering behavior by @jbogard in #4554
Full Changelog: v15.0.0...v15.0.1
This release supersedes the 15.0.0 release, reverting behavior and overloads so that the AddAutoMapper overloads separate the "scanning for maps" from the "scanning for dependencies". Unfortunately it's not really possible to combine these two together.
This also fixes a critical bug in #4545 that does not work with .NET 4.x applications (as intended).
Because of this, the 15.0.0 will be delisted because of the breaking changes there.
Contributors
Assets 2
v15.0.0
Full Changelog: v14.0.0...v15.0.0
- Added support for .NET Standard 2.0
- Requiring license key
- Moving from MIT license to dual commercial/OSS license
To set your license key:
services.AddAutoMapper(cfg => {
cfg.LicenseKey = "<License key here>";
});This also introduced a breaking change with MapperConfiguration requiring an ILoggerFactory for logging purposes:
public MapperConfiguration(MapperConfigurationExpression configurationExpression, ILoggerFactory loggerFactory)Registering AutoMapper with services.AddAutoMapper will automatically supply this parameter. Otherwise you'll need to supply the logger factory.
You can obtain your license key at AutoMapper.io