Hypothetically, If a CVE is reported for .NET Framework version ...

[EricRohlfs]

Clarification on definition of 'supported'. If a CVE were found or reported for a .NET Framework version of AutoMapper would you patch it?

The reason I ask is, you announced AutoMapper 11 would drop .NET Framework support. We still use a .NET Framework version, and can keep using it as long as there is some commitment to support around potential security issues. If a potential security issue would not be patched, then we have to migrate off of AutoMapper. Upgrading to core for a very large WCF is not a viable option right now.

[jbogard]

Yes, we would release a patch version for a CVE.

[jbogard]

But just a reminder, under the MIT license:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.