16.1.12026-03-13T15:27:14Z
Release notesWhat's Changed
- Better async handling of license validation; fixes #4612 by @jbogard in https://github.com/LuckyPennySoftware/AutoMapper/pull/4613
- More artifacts for builds (test results and SBOM) by @jbogard in https://github.com/LuckyPennySoftware/AutoMapper/pull/4615
- Update Microsoft.Sbom.DotNetTool to 4.1.5 by @jbogard in https://github.com/LuckyPennySoftware/AutoMapper/pull/4616
Security
- Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.
- Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.
- Users should upgrade to this release.
- Security advisory: GHSA-rvv3-g6hj-g44x
- Thanks to @skdishansachin for responsibly disclosing this issue.
- Full Changelog: https://github.com/LuckyPennySoftware/AutoMapper/compare/v16.1.0...v16.1.1