Today, we are releasing the .NET April 2024 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 8.0.4, 7.0.18 and, 6.0.29 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

• Installers and binaries: 8.0.4 |7.0.18 | 6.0.29
• Release notes: 8.0.4 | 7.0.18 | 6.0.29
• Container images
• Linux packages: 8.0.4 | 7.0.18 | 6.0.29
• Release feedback/issue
• Known issues: 8.0 | 7.0 | 6.0

Windows Package Manager CLI (winget)

You can now install .NET updates using the Windows Package Manager CLI (winget):

• To install the .NET 8 runtime: winget install dotnet-runtime-8
• To install the .NET 8 SDK: winget install dotnet-sdk-8
• To update an existing installation: winget upgrade

See Install with Windows Package Manager (winget) for more information.

Improvements

• ASP.NET Core: 8.0.4 | 6.0.29
• Entity Framework Core: 8.0.4
• Runtime: 8.0.4 | 7.0.18 | 6.0.29
• SDK: 8.0.4

Security

CVE-2024-21409 | .NET Elevation of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 ,and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A use-after-free vulnerability exists in WPF which may result in Elevation of Privilege when viewing untrusted documents. This is a Windows only vulnerability.

Visual Studio

See release notes for Visual Studio compatibility for .NET 8.0, .NET 7.0 and, .NET 6.0.