Microsoft Security Advisory 4021279 System.BadImageFormatException

My application is an ASP.NET Core 1.0 Web API.

According to the Microsoft Security Advisory 4021279, I wanted to update the direct dependicies of my project.

In the MyClassName.csproj is the following line:

<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.0.3" />

which I change to:

<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="1.0.4" />

because the versions 1.0.0, 1.0.1, 1.0.2, 1.0.3 1.1.0, 1.1.1, 1.1.2 of Microsoft.AspNetCore.Mvc are not save to use.

If I then try to run the project, Iam getting the following errormessage:

System.BadImageFormatException: "Could not load file or assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'. Reference assemblies should not be loaded for execution. They can only be loaded in the Reflection-only loader context. (Exception from HRESULT: 0x80131058)"

Inner Exception: BadImageFormatException: Cannot load a reference assembly for execution.

What am I doing wrong?

So The post on Git says the following:

If after recompilation you see a Dependency conflict warning, you must update your other direct dependencies to the appropriate version.

For example if your project refers to Microsoft.AspNetCore.Routing with a version number of 1.0.1 when you update your Microsoft.AspNetCore.Mvc package to 1.0.4, compilation will throw:

NU1012 Dependency conflict. Microsoft.AspNetCore.Mvc.Core 1.0.4 expected Microsoft.AspNetCore.Routing >= 1.0.4 but received 1.0.1

As you can see in my question, I do not get this error message. However, I updated the version of Microsoft.AspNetCore.Routing to 1.0.4 and everything worked.