This is compiled using an old version of Newtonsoft.Json #2800

Open
User8943242 opened this issue Nov 21, 2023 · 6 comments

@User8943242

Describe the bug

This is compiled using an old version of Newtonsoft.Json. When I download the NuGet package it says it needs version 9.0.0.0. I need to use this in a project which has a new version.

To Reproduce

Install via nuget
compile

Expected behavior

I expected it to use the latest or near latest version of Newtonsoft.Json.

Code snippets

No response

OS

iis

.NET version

.NET framework 4.6.1

Library version

current

API version

current

Additional context

No response

@anniel-stripe
Contributor

Hello @User8943242! Can you check your configuration file and confirm you have a bindingRedirect entry for Newtonsoft.Json? See this Stack Overflow answer for an example.

If this doesn't resolve this issue, can you provide the version of Newtonsoft.Json you are using and the exception details you are seeing?

anniel-stripe self-assigned this Nov 22, 2023

@User8943242
Author

Thanks. I'll check it out. Would it not be better for Stripe to use the latest version anyway for security?

@anniel-stripe
Contributor

Hi @User8943242, this is something we are considering. As this would be a breaking change, we'll upgrade this dependency in the next major version.

@User8943242
Author

> Hi @User8943242, this is something we are considering. As this would be a breaking change, we'll upgrade this dependency in the next major version.

Thanks.

@equinoxe3d

equinoxe3d commented Feb 12, 2024

FYI, in the meantime if anyone needs to downgrade their Newtonsoft.Json version to 9.0.1 for Stripe.net to work, there's a high severity vulnerability that can be mitigated by adding the following under the Application_Start of your Global.asax, as described here:

C#: `JsonConvert.DefaultSettings = () => new JsonSerializerSettings { MaxDepth = 128 };`

VB: `JsonConvert.DefaultSettings = Function() New JsonSerializerSettings With {.MaxDepth = 128}`
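
A quick way to confirm that the `MaxDepth` setting from the comment above is actually in effect, as an added example that is not part of the thread or of Stripe.net. The class and method names and the nested-array input are constructed for illustration.

```csharp
using System;
using Newtonsoft.Json;

public static class MaxDepthCheck
{
    // Constructed input: `depth` nested JSON arrays, e.g. [[[ ... ]]].
    static string NestedArrays(int depth) =>
        new string('[', depth) + new string(']', depth);

    // True when JsonConvert refuses the document because the reader's
    // depth limit was exceeded.
    public static bool IsRejected(string json)
    {
        try
        {
            JsonConvert.DeserializeObject<object>(json);
            return false;
        }
        catch (JsonReaderException)
        {
            return true;
        }
    }

    public static void Main()
    {
        // The same assignment the comment places in Application_Start.
        // It must run before any JSON is deserialized.
        JsonConvert.DefaultSettings =
            () => new JsonSerializerSettings { MaxDepth = 128 };

        // Well under the limit: should be accepted.
        Console.WriteLine("depth 100 rejected: " + IsRejected(NestedArrays(100)));

        // Well over the limit: should be rejected with a JsonReaderException
        // instead of being parsed recursively.
        Console.WriteLine("depth 200 rejected: " + IsRejected(NestedArrays(200)));
    }
}
```

`JsonConvert.DefaultSettings` is picked up by the `JsonConvert` serialization methods and by `JsonSerializer.CreateDefault()`; code that builds its own serializer with `JsonSerializer.Create()` does not use it and needs `MaxDepth` set explicitly.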

@ismkdc

ismkdc commented Feb 12, 2024

We definitely need a System.Text.Json version of Stripe.net
