Showing results for NuGet.org - .NET Blog

Apr 22, 2020
Post comments count0
Post likes count0

NuGet.org will continue to support TLS 1.0 and 1.1 until further notice

Christopher Gill
Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 pandem...

NuGetNuGet.orgSecurity
Feb 12, 2020
Post comments count0
Post likes count0

Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1

The NuGet Team
The NuGet Team

In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.

NuGetNuGet.orgSecurity
Nov 15, 2019
Post comments count0
Post likes count0

Deprecating TLS 1.0 and 1.1 on NuGet.org

Karan Nandwani
Karan Nandwani

co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed support fo...

NuGetNuGet.orgSecurity
Sep 30, 2019
Post comments count0
Post likes count0

Deprecating packages on nuget.org

Anand Gaurav
Anand Gaurav

We are excited to announce that nuget.org now supports package deprecation. This has been a long standing ask that will help the ecosystem use supported packages. As a package publisher on nuget.org, you can now deprecate packages that are obsolete, legacy, or buggy. You can also suggest an alternate package to your deprecated package. This lets yo...

NuGetVisual StudioNuGet.org
Aug 22, 2019
Post comments count10
Post likes count0

New and improved NuGet Search is here!

Karan Nandwani
Karan Nandwani

It’s been a long time coming, and today we are excited to announce the new and improved search on NuGet.org leveraging Azure Search. We want to start this post with a huge thanks to you, the NuGet community, for providing feedback. We have aggregated all feedback around search result relevance into one mega issue. We used this as the starting point...

NuGetNuGet.orgFeature Announcement
Jul 17, 2019
Post comments count3
Post likes count0

Surfacing GitHub Usage for packages on NuGet.org

Mohamed Riad Gahlouz
Mohamed Riad Gahlouz

Update: This feature has been enhanced. Read about the latest version. There are several criteria you can use today to evaluate NuGet packages. We received feedback that you would like even more information to help choose the right packages. We're excited to introduce GitHub Usage on nuget.org, which allows you to explore top GitHub repositories t...

NuGetNuGet.orgFeature Announcement
Aug 27, 2018
Post comments count0
Post likes count0

Introducing Source Code Link for NuGet packages

Maxime Rouiller
Maxime Rouiller

NuGet.org now supports surfacing source code repository link for NuGet packages. This will enable package authors to surface both the project's website and the source repository using the and the properties respectively instead of having to choose between the two using just the property. The nuspec has supported the property for a while and tod...

NuGetNuGet.orgFeature Announcement
Aug 10, 2018
Post comments count0
Post likes count0

NuGet.org starts repo-signing packages

Rido
Rido

In May, we implemented Stage 1 and enabled support for any NuGet.org user to submit signed packages to NuGet.org. Today, we are announcing Stage 2 of our NuGet package signing journey - tamper proofing the entire package dependency graph. What is a Repository Signature? A repository signature is a code signing signature produced with an X.509 cer...

NuGetNuGet.orgSecurity
May 22, 2018
Post comments count0
Post likes count0

Introducing signed package submissions to NuGet.org

Rido
Rido

In September 2017, we announced our plans to improve the security of the NuGet ecosystem by introducing the ability for package authors to sign packages. Today, we want to announce support for any NuGet.org user to submit signed packages to NuGet.org. A signed NuGet package is designed to be fully compatible with pre-existing NuGet servers and cli...

NuGetNuGet.orgSecurity
May 15, 2018
Post comments count0
Post likes count0

NuGet.org will only support MSA/AAD starting June 1st, 2018

Anand Gaurav
Anand Gaurav

We had previously announced the deprecation of NuGet.org's home-grown authentication in favor of Microsoft accounts (MSA) that will allow us to add support for additional security systems such as two-factor authentication (2FA). We will be disabling the NuGet.org's home-grown authentication mechanism starting June 1st, 2018. This means that you can...

NuGetNuGet.orgSecurity