Autofac.Mvc

Upgrade Microsoft.AspNet.Mvc version from 5.10 to a greater version

Open dash-ravikhoda opened this issue 2 years ago • 5 comments

Problem Statement

Currently Autofac.Mvc is using Microsoft.AspNet.Mvc version 5.10, which is outdated.

Desired Solution

Upgrade Microsoft.AspNet.Mvc to the latest version.

Alternatives You've Considered

Additional Context

dash-ravikhoda, Nov 21 '22 05:11

Is this something that can't be fixed by adding the reference to your project or is something broken that would be fixed by this? We generally don't update for the sake of updating.

tillig, Nov 21 '22 06:11

@tillig Thanks for the quick update. I am requesting this because one of the security scan tools suggested that Microsoft.AspNet.MVC version 5.10 has a cross-site scripting vulnerability, which can be fixed by updating to the latest NuGet package in my project.

When I checked my project, I found that Autofac.MVC is using Microsoft.AspNet.MVC version 5.10.

dash-ravikhoda, Nov 21 '22 06:11

Have you tried adding a direct reference to the newer Microsoft.AspNet.Mvc in your project? You should be able to do that and resolve it with no change to Autofac integration.

tillig, Nov 21 '22 06:11

Yes, I did. But it still shows the issue with Autofac only.

dash-ravikhoda, Nov 21 '22 08:11

This seems like a bug in your security scanning software. If you reference both the Autofac package and the updated MVC package, your app will run with the update, not the old version. It shouldn't be scanning the Autofac package in isolation.

tillig, Nov 21 '22 15:11
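One way to check the point made in the last comment, as an added example that is not part of the thread or of the Autofac project's code: compare the version a dependent package declares with the version NuGet actually restored. It assumes a PackageReference-style project that produces `obj/project.assets.json`; the sample data and every version number in it are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like NuGet's obj/project.assets.json.
# All version numbers are made up for illustration.
SAMPLE_ASSETS = json.loads("""
{"targets": {".NETFramework,Version=v4.8": {
  "Autofac.Mvc/9.9.9": {"type": "package",
                        "dependencies": {"Microsoft.AspNet.Mvc": "1.0.0"}},
  "Microsoft.AspNet.Mvc/2.0.0": {"type": "package"}
}}}
""")


def resolved_versions(assets, package_id):
    """Return {target framework: version NuGet actually restored}."""
    found = {}
    for tfm, libs in assets.get("targets", {}).items():
        for key in libs:
            name, _, version = key.partition("/")
            if name.lower() == package_id.lower():
                found[tfm] = version
    return found


def declared_by_dependents(assets, package_id):
    """Return (dependent package, declared version range) pairs."""
    pairs = []
    for libs in assets.get("targets", {}).values():
        for key, info in libs.items():
            for dep, rng in info.get("dependencies", {}).items():
                if dep.lower() == package_id.lower():
                    pairs.append((key, rng))
    return pairs


def finding_applies(assets, package_id, flagged_version):
    """A finding matters only if the flagged version is what was restored."""
    return flagged_version in resolved_versions(assets, package_id).values()


if __name__ == "__main__":
    pkg = "Microsoft.AspNet.Mvc"
    print("declared:", declared_by_dependents(SAMPLE_ASSETS, pkg))
    print("resolved:", resolved_versions(SAMPLE_ASSETS, pkg))
    print("flagged 1.0.0 applies:", finding_applies(SAMPLE_ASSETS, pkg, "1.0.0"))
```

In the sample, the dependent still declares the older minimum version, but the restored graph contains only the newer one, so a finding against the declared version does not describe what the application loads.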