You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+13-5Lines changed: 13 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -30,10 +30,12 @@ int c = 10;
30
30
db.Customers.WhereInterpolated($"City == {cityName} and Orders.Count >= {c}");
31
31
```
32
32
33
+
---
34
+
33
35
## :exclamation: Breaking changes
34
36
35
37
### v1.3.0
36
-
A breaking change is introduced in version 1.3.0 which is related to calling methods on classes.
38
+
A breaking change is introduced in this version which is related to calling methods on classes.
37
39
Due to security reasons, it's now only allowed to call methods on the standard predefined classes like (`bool`, `int`, `string` ...).
38
40
If you want to call a method on an own custom class, annotate that class with the [DynamicLinqType](https://dynamic-linq.net/advanced-extending#dynamiclinqtype-attribute).
39
41
Example:
@@ -44,11 +46,17 @@ public class MyCustomClass
44
46
publicintGetAge(intx) =>x;
45
47
}
46
48
```
49
+
If it's not possible to add that attribute, you need to implement a custom [CustomTypeProvider](https://dynamic-linq.net/advanced-configuration#customtypeprovider) and set this to the `ParsingConfig` and provide that config to all dynamic calls.
50
+
Or provide a list of addtional types in the [DefaultDynamicLinqCustomTypeProvider.cs](https://github.com/zzzprojects/System.Linq.Dynamic.Core/blob/master/src/System.Linq.Dynamic.Core/CustomTypeProviders/DefaultDynamicLinqCustomTypeProvider.cs).
47
51
48
-
If it's not possible to add that attribute, you need to implement a custom [CustomTypeProvider](https://dynamic-linq.net/advanced-configuration#customtypeprovider) and set this to the `ParsingConfig` and provide that config to the dynamic call.
52
+
### v1.6.0-preview-01, 02, 03
53
+
A breaking change is introduced in this version to solve CVE-2024-51417.
54
+
It's not allowed anymore to call any methods on the `object` type. By default also the `ToString` and `Equals` methods are not allowed.
55
+
To allow these methods set `AllowEqualsAndToStringMethodsOnObject` to `true` in the `ParsingConfig` and provide that config to all dynamic calls.
@@ -83,10 +91,10 @@ The following frameworks are supported:
83
91
- uap10.0
84
92
85
93
### Fork details
86
-
This fork takes the basic library to a new level. Contains XML Documentation and examples on how to use it. Also adds unit testing to help ensure that it works properly.
94
+
This fork takes the basic library to a new level. Also adds unit tests to help ensure that it works properly.
87
95
88
96
Some background:
89
-
I forked from https://github.com/NArnott/System.Linq.Dynamic and added some more functionality there.<br>My fork is still visible on github [https://github.com/StefH/System.Linq.Dynamic], however I decided to start a new project + nuget to avoid confusion and create the project according to the new VS2017 + .NET Core rules / standards.
97
+
I forked from https://github.com/NArnott/System.Linq.Dynamic and added some more functionality there.<br>My fork is still visible on github [https://github.com/StefH/System.Linq.Dynamic], however I decided to start a new project + NuGet to avoid confusion and create the project according to the new VS2017 + .NET Core rules / standards.
90
98
91
99
However, currently there are multiple nuget packages and projects available:
0 commit comments