Security vulnerability concerns over .Net 6.0 EOL and Vortex Fomod and Secure Sandbox modules, with global .Net Runtimes #17240
Description
Currently the Vortex mod manager version 1.13.7 with its FOMOD processor and/or secure sandbox feature, is using .Net 6.0. With Microsoft having End Of Life (EOL) the used version of .Net it's a concern, that running a globally available version of the runtime is leaving a user's system vulnerable to black hats. Which is the current work around for the incompatible changes in the .Net version 8.0 runtimes, that is likely an unacceptable risk.
To correct this is it possible to include a bound instance of the .Net version 6.0.36 runtimes, which will only work with the appropriate modules of Vortex? Thereby limiting the risks of the EOL version used to a user's system.
It likely may increase the size of the installer and/or installation but would reduce the risks, exposed by using the normal globally available runtime installation.
I really think given the status of .Net version 6.0 this needs to be fixed as a matter of urgency, to ensure that user's systems are protected. It will thus ensure that trouble doesn't ensue while working on the replacement mod manager.
https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core