While scanning our projects for security vulnerabilites, we noticed that Telerik.UI.for.AspNet.Core 2023.2.606 references an of .NET Core 2.1 which is 5 years old and long since unsupported? This means that using Telerik.UI.for.AspNet.Core immediately introduces the critical security vulnerabilies present in .NET Core 2.1. Why does it depend on this ancient version of .NET?
Here is a new completely empty project created just now (July 2023!) and you can see the references to .NET Core 2.1:
And here's a resulting security scan of this empty project:
Is .NET Core still supported by Telerik because it seems odd this hasn't been fixed in 5 years.
We often have hacking attempts like https://our_ip/Telerik.Web.UI.WebResource.axd?....
Can I change the name of WebResource.axd to something like xyz.axd?