Take the community feedback survey now.

AI OnAI Off

CMS.Core depends on a vulnerable MimeKit version

huseyinerdinc
huseyinerdinc
Vote:
 

Hello, the CMS.Core package is dependent on MailKit v3 which in turn is dependent on MimeKit v3. This version is marked as vulnerable and therefore it should be updated to a higher version.

I am aware that we can solve the problem by installing the package directly but this approach is not maintainable in the long run.

The same problem exists on ImageLibrary.ImageSharp package as well where the minimum supported version is resolved automatically, which is marked as vulnerable:

#340771
Oct 15, 2025 14:18
Quan Mai
Quan Mai
Vote:
 

Thanks, as you said the workaround is to update the dependecy version. CMS.Core allows MailKit up to 4.x, so that should work for now. I will file a bug for this so newer version of CMS.Core will depend on MailKit 4.7.1 at least

#340774
Oct 15, 2025 14:50
Quan Mai - Oct 15, 2025 14:53
bug is CMS-46161 (not yet public)
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.