I have projects in a repository with trarget framewrk version as lower .net framework versions(2.0,3.0,3.5..etc). I need to upgrade them to higher framework version(v4.8) due to some security vulnerabilities.
But I found that few project's .csproj file has targetframework as netstandard2.0 and netcoreapp2.0. E.g.,
Below are my questions,
- What is the the difference between .net framework, netstandard and netcoreapp?
- Do I need to upgrade projects with targetframework as netstandard and netcoreapp to .net framework version v4.8 in my case? Will there be any security vulnerabilities if I don't upgrade them?
Any help or direction on this is appreciated. Thanks in advance.
I think the official documentation about NET Standard would be the best thing to read in this case.
Every NET standard version defines a subset of API that are included on a specific implementation of the runtime framework (e.g. .NET 4.8, netcoreapp3.1 or NET 7).
Also this image could be helpful.
About your first question: netstandard2.0 is implemented both by NET4.8 and netcoreapp3.1, but not by the older versions of .NET framework (2.0, 3.0, 3.5...). For example, on a project that targets NET4.8 framework you can reference a netstandard2.0 library, whereas this is not possible from a NET3.5 project.