Saturday, May 9, 2026

Using Helvetica Neue font

 Adding Helvetica Neue to your CSS is a classic choice for a clean, modern look. However, because it is a licensed font owned by Monotype, it isn't "free" to host like a Google Font. You have to handle it differently depending on whether you're relying on the user's system or hosting the files yourself.1. The "System Font" Method (Recommended)This is the fastest and most common way. Since Helvetica Neue comes pre-installed on almost all Macs and iOS devices, you can simply call it in your font stack. If the user doesn't have it (like on most Windows or Android devices), the browser will fall back to the next font in your list.CSS.your-class {

  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;

}

Why this order? The browser reads left-to-right. It tries to find "Helvetica Neue" first. If that fails, it looks for "Helvetica," then "Arial," and finally any generic "sans-serif" font.2. Using @font-face (Self-Hosting)If you have purchased a web license and have the font files (e.g., .woff2 or .woff), you can host them on your own server. This ensures the font appears on all devices, even Windows.Upload the font files to your project folder (e.g., /fonts/).Define the font in your CSS:CSS@font-face {

  font-family: 'Helvetica Neue';

  src: url('fonts/helvetica-neue-bold.woff2') format('woff2'),

       url('fonts/helvetica-neue-bold.woff') format('woff');

  font-weight: bold;

  font-style: normal;

}


body {

  font-family: 'Helvetica Neue', Arial, sans-serif;

}



Cheers
Samitha
Posted by at No comments:
Labels:

Sunday, May 3, 2026

Package 'MailKit' 4.7.1.1 has a known moderate severity vulnerability,

 Warning As Error: Package 'MailKit' 4.7.1.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-9j88-vvj5-vhgr


The error message you're seeing is a security safeguard. Because your project is likely configured with TreatWarningsAsErrors enabled, NuGet is blocking your build due to a known security vulnerability in MailKit 4.7.1.1.


The Vulnerability: GHSA-9j88-vvj5-vhgr

This is a STARTTLS Response Injection vulnerability.

The Risk: A Man-in-the-Middle (MitM) attacker can inject commands during the "handshake" phase when your app switches from a plain-text connection to an encrypted one (TLS).

The Impact: This can be used to trick your application into "downgrading" its security—for example, forcing it to use a less secure authentication method (like sending passwords in plain text) even though you think you're using an encrypted connection.

How to Fix It

The fix is straightforward: Upgrade MailKit to a patched version.

1. Update via .NET CLI

Run the following command in your terminal at the project root:

Bash

dotnet add package MailKit --version 4.8.0

(Or the latest available version, as 4.8.0+ contains the fix).

2. Update via Package Manager Console (Visual Studio)

PowerShell

Update-Package MailKit

3. Update via Project File (.csproj)

Locate the PackageReference in your .csproj file and update the version manually:

XML

<PackageReference Include="MailKit" Version="4.8.0" />

Why am I seeing this now?

The .NET SDK and NuGet now integrate with the GitHub Advisory Database. When you build your project, it checks your dependencies against known security threats.

If you absolutely cannot upgrade right now (which is not recommended) and need to bypass the error to unblock your build, you can temporarily "suppress" this specific warning by adding the following to your .csproj file, though you should only do this if you have a specific mitigation in place:


XML

<PropertyGroup>

  <NoWarn>$(NoWarn);NU1901;NU1902;NU1903;NU1904</NoWarn>

</PropertyGroup>

Recommendation: Stick with the upgrade. MailKit updates are generally very stable and backward-compatible within the same major version

Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)