AutoMapper 16.1.1 Released

This release is a patch release to fix a thread deadlock and security issue. From the release notes:

Thread Deadlock

Thanks to @t0m-4 for reporting this issue, which due to Microsoft deprecating some of the "sync" APIs for decryption, led to potential thread starvation and locking issues. The update still has to use a "sync-over-async" pattern, but does so in a much safer manner.

Security

We fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.

Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.

Users should upgrade to this release.

Security advisory: GHSA-rvv3-g6hj-g44x

Thanks to @bluefossa for responsibly disclosing this issue.