January 30th, 2017

January 2017 Update for ASP.NET Core 1.1

Rich Lander [MSFT]
Program Manager

We just released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service. All of the information you need is in the advisory. A short summary is provided below.

Red Hat customers should consult the Red Hat advisory for the same issue.

How to Obtain the Update

The update is in the Microsoft.AspNetCore.Mvc.Core package. You need to upgrade your project to use version 1.1.1 (or later) of the package and then re-publish your application.

See below for examples of project file updates, for project.json and csproj formats. Note the updated Microsoft.AspNetCore.Mvc.Core package version.

Project.json

The dependencies section of an updated project.json file would look like the following (in its most minimal form).

"dependencies": {
  "Microsoft.NETCore.App": {
    "version": "1.1.0",
    "type": "platform"
  },
  "Microsoft.AspNetCore": "1.1.0",
  "Microsoft.AspNetCore.Mvc.Core": "1.1.1"
}

CSProj

An updated csproj file would look like the following (in its most minimal form):

<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <TargetFramework>netcoreapp1.1</TargetFramework>
  </PropertyGroup>
  <PropertyGroup>
    <PackageTargetFallback>$(PackageTargetFallback);portable-net45+win8+wp8+wpa81;</PackageTargetFallback>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore" Version="1.1.0" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="1.1.1" />
  </ItemGroup>
</Project>
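
As an added example (not part of the original post and not Microsoft tooling), the following Python script checks a csproj or project.json file for a direct Microsoft.AspNetCore.Mvc.Core reference and classifies it against the versions named above. The function names, status strings and sample inputs are assumptions made for illustration, and project.json input is assumed to be strict JSON.

```python
import json
import xml.etree.ElementTree as ET

PACKAGE = "microsoft.aspnetcore.mvc.core"   # NuGet ids are case-insensitive
VULNERABLE, FIXED = (1, 1, 0), (1, 1, 1)    # versions taken from the post

def classify(declared):
    """Map a declared version string (or None) to a status (hypothetical labels)."""
    if declared is None:
        return "no-direct-reference"        # package may still be pulled in transitively
    try:
        version = tuple(int(p) for p in declared.strip().split("."))
    except ValueError:
        return "review"                     # floating, range or pre-release version
    version += (0,) * (3 - len(version))    # "1.1" is treated as 1.1.0
    if version >= FIXED:
        return "patched"
    return "vulnerable" if version[:3] == VULNERABLE else "not-covered"

def version_from_csproj(text):
    """Return the Version attribute of the PackageReference, or None if absent."""
    for el in ET.fromstring(text).iter():
        if el.tag.rsplit("}", 1)[-1] == "PackageReference" \
                and el.get("Include", "").lower() == PACKAGE:
            return el.get("Version", "")
    return None

def version_from_project_json(text):
    """Return the version from the dependencies section, or None if absent."""
    for name, value in json.loads(text).get("dependencies", {}).items():
        if name.lower() == PACKAGE:
            return value.get("version", "") if isinstance(value, dict) else value
    return None

def audit(filename, text):
    """Classify one project file by its direct Mvc.Core reference."""
    reader = version_from_csproj if filename.lower().endswith(".csproj") \
        else version_from_project_json
    return classify(reader(text))

# Constructed sample inputs (not from a real project).
OLD_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="1.1.0" />
  </ItemGroup>
</Project>"""
NEW_JSON = '{"dependencies": {"Microsoft.AspNetCore.Mvc.Core": "1.1.1"}}'
MVC_ONLY_JSON = '{"dependencies": {"Microsoft.AspNetCore.Mvc": "1.1.0"}}'

if __name__ == "__main__":
    for name, text in [("old.csproj", OLD_CSPROJ), ("project.json", NEW_JSON),
                       ("project.json", MVC_ONLY_JSON)]:
        print(name, "->", audit(name, text))
```

A "no-direct-reference" result only means the file does not name the package itself, so the resolved version still has to be confirmed from the restored package graph.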

Learn more

You can ask questions on the aspnet/mvc repo, where a discussion issue has been created.
