Upgrade to .NET 9 and Resolve Security Vulnerabilities #22
Description
🎯 Objective
Upgrade the project from .NET Core 3.0 to .NET 9 to resolve multiple security vulnerabilities and modernize the codebase with current best practices.
📝 Background
The current project targets .NET Core 3.0, which is no longer supported and has multiple security vulnerabilities as evidenced by the numerous security issues reported by dependency scanners. The project can be significantly improved by upgrading to .NET 9.
🔍 Current Issues This Would Address
This upgrade would resolve or mitigate many of the existing security vulnerability issues:
- CVE-2021-26701 (High) - System.Text.Encodings.Web vulnerability
- CVE-2019-0820 (High) - System.Text.RegularExpressions vulnerability
- CVE-2017-0248, CVE-2017-0247, CVE-2017-0249 (High) - System.Net.Http vulnerabilities
- CVE-2018-8292 (Medium) - .NET Core information disclosure vulnerability
- jQuery vulnerabilities (CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
🤝 Contributing
I'd be happy to contribute this upgrade to help modernize the project and resolve the security issues. This would be a significant improvement that would benefit all developers using this example.
📋 Checklist
- Update target framework to .NET 9
- Update all NuGet packages
- Modernize code patterns (Startup.cs → Program.cs)
- Update OAuth2 implementation
- Update client-side dependencies (jQuery, etc.)
- Add comprehensive testing
- Update README and documentation
- Verify all functionality works correctly
Would the maintainers be open to this contribution? I believe this would significantly improve the project's security posture and provide a better example for developers.