I fixed this by:

我通过以下方式解决了这个问题：

• Removing the MVC reference and add the correct reference to the project.
• Changing the Copy Localproperty of the reference to true.
• Update the bindingRedirectsetting in web.config:

• 删除 MVC 引用并添加对项目的正确引用。
• 将Copy Local引用的属性更改为true.
• 更新中的bindingRedirect设置web.config：

web.config runtimesection:

web.configruntime部分：

<runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
        <dependentAssembly>
            <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
            <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.1" />
        </dependentAssembly>
    ...

Changing the Copy Localsetting will include the System.Web.MVC.dllfile in the binfolder when you publish the project, so that it works even if the server is not updated with the new version.

更改Copy Local设置将在您发布项目时将System.Web.MVC.dll文件包含在文件bin夹中，因此即使服务器未使用新版本更新，它也能正常工作。

Note that updates like this rarely happens. This is the first time that MVC 3 has been patched since it was released. You should be able to change Copy Localback to falseonce the servers has been updated. The next time Microsoft makes an update like this, they will probably know to fix issues like this first.

请注意，这种更新很少发生。这是 MVC 3 自发布以来第一次打补丁。一旦服务器更新，您应该能够改Copy Local回false。下次微软进行这样的更新时，他们可能会知道首先解决这样的问题。

I installed Microsoft.AspNet.Mvc package in my project using Nuget.

我使用 Nuget 在我的项目中安装了 Microsoft.AspNet.Mvc 包。

Install-Package Microsoft.AspNet.Mvc -Version <version> -Project PROJECTNAME 

MVC 4 version: 4.0.40804.0

MVC 3 version: 3.0.50813.1

This fixed the problem. Details here: http://blogs.msdn.com/b/webdev/archive/2014/10/16/microsoft-asp-net-mvc-security-update-broke-my-build.aspx

这解决了问题。详情请见：http: //blogs.msdn.com/b/webdev/archive/2014/10/16/microsoft-asp-net-mvc-security-update-broke-my-build.aspx

Your production system should be fine as the hotfix delivers a config file (System.Web.Mvc.dll.config) into the following folder:

您的生产系统应该没问题，因为修补程序会将配置文件 ( System.Web.Mvc.dll.config)传送到以下文件夹中：

%SystemRoot%\assembly\GAC_MSIL\policy.3.0.System.Web.Mvc.0.0.1__31bf3856ad364e35

The config file contains an assembly redirect to the new version, this will override anything you have in your web.config:

配置文件包含重定向到新版本的程序集，这将覆盖您在 web.config 中的任何内容：

<?xml version="1.0"?>
<!-- http://msdn.microsoft.com/en-us/library/7wd6ex19.aspx#BKMK_Redirectingassemblyversionsbyusingpublisherpolicy -->
<configuration>
    <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
            <dependentAssembly>
                <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" culture="neutral" />
                <bindingRedirect oldVersion="3.0.0.0-3.0.0.1" newVersion="3.0.0.1"/>
            </dependentAssembly>
        </assemblyBinding>
    </runtime>
</configuration>

Follow the advice by @Guffa for your build system, or use nuget to update. I believe the solution which works depends on how you deliver the MVC binaries to your system (either bin deploy or GAC).

按照@Guffa 为您的构建系统提供的建议，或使用 nuget 进行更新。我相信有效的解决方案取决于您如何将 MVC 二进制文件交付到您的系统（bin deploy 或 GAC）。

What worked in my case was to change the Referenceelement in project file so Version=3.0.0.0is now Version=3.0.0.1. I also updated the System.Web.Mvc.dllfile sitting in _bin_deployableAssembliesfolder to the new version and added a HintPathelement in the Referenceelement pointing to said dll so it's picked up even when in GAC we still have version 3.0.0.0.

在我的情况下，更改Reference项目文件中的元素Version=3.0.0.0是现在Version=3.0.0.1. 我还将位于System.Web.Mvc.dll文件_bin_deployableAssemblies夹中的文件 更新为新版本，并在HintPath元素中添加了一个Reference指向所述 dll的元素，因此即使在 GAC 中我们仍然拥有 3.0.0.0 版，它也会被选中。

The tricky part is to not forget to update reference in all projects referencing System.Web.Mvc(e.g. including test project).

棘手的部分是不要忘记更新所有项目引用中的引用System.Web.Mvc（例如，包括测试项目）。