Vulnerability in EPiServer.Forms
Are there any plans to update structuremap to version 3 for the EPiServer Framework package. The version that are used today are nearly three year old and a lot has happen since then.
+1, and I would like of course to see similar direction as with log4net -> that structuremap is abstracted, extracted out and I can provide my own.
Currently there is no signed version of StructureMap 3 available. We could of course build our own version of it and sign it but that is something we like to avoid.
But this is of course something we will take into consideration if/when we target the AspNet 5 version. Which in many way is a complete new framework that is not backward compatible. This will force us to rewrite alot of our code and there we have an opportunity to make descisions that otherwise would be considered breaking (like abstracting away the actual IOC container implementation).
What's the background on why signed versions are preferred or mandatory? The short version with EPi's angle for us that aren't on top of it right now and admitting it :-)
Have read this: http://blog.nuget.org/20150203/package-signing.html