Newtonsoft.Json

Here's the forum post from 4 years back about Newtonsoft.Json.

The reason for me raising the concern myself, although it's been asked before, is that we have cybersecurity requirements applicable to our business. The version of Newtonsoft being run raises red flags as it's been flagged as having a Sev 7.5 defect up to version 13.0.1. M-Files is still sitting on 10.0.3 which dates back to 2017. 13.0.1 is the fixed version and that's been around since 2021, and the latest version is from this year.

I appreciate that this is probably somewhere on the radar, but it seems reasonable for security issues to get more priority than an 8 year delay on updating third party dependencies would imply. Appreciate any feedback on this, thanks! 

Here's the forum post from 4 years back about Newtonsoft.Json.

The reason for me raising the concern myself, although it's been asked before, is that we have cybersecurity requirements applicable to our business. The version of Newtonsoft being run raises red flags as it's been flagged as having a Sev 7.5 defect up to version 13.0.1. M-Files is still sitting on 10.0.3 which dates back to 2017. 13.0.1 is the fixed version and that's been around since 2021, and the latest version is from this year.

I appreciate that this is probably somewhere on the radar, but it seems reasonable for security issues to get more priority than an 8 year delay on updating third party dependencies would imply. Appreciate any feedback on this, thanks!