Showing category results for Security

Yesterday, we are released the January 2022 Security and Quality Rollup Updates for .NET Framework. Security CVE-2022-21911 – .NET Framework Denial of Service This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system. Quality and Reliability This release contains the...

We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.

We will be releasing updated builds of NuGet this week to accommodate NuGet restore failures on Linux distributions. The failures are observed when updated versions of the NSS or ca-certificates packages are installed.

Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.

The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.

Revised 6/8/2021: On June 8th, 2021, this update was released to replace a previous update to address a “revocation server was offline” error that may occur during installation. If you've already installed a previous release of this update, no action is required. Revised 4/15/2021: On April 13th, 2021, this update was released to replace a previ...

The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.

Revised 6/8/2021: On June 8th, 2021, this update was released to replace a previous update to address a “revocation server was offline” error that may occur during installation. If you've already installed a previous release of this update, no action is required. Revised 4/15/2021: On April 13th, 2021, this update was released to replace a previ...

Revised 6/8/2021: On June 8th, 2021, this update was released to replace a previous update to address a “revocation server was offline” error that may occur during installation. If you've already installed a previous release of this update, no action is required. Revised 4/15/2021: On April 13th, 2021, this update was released to replace a previ...

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further notice. ...