Showing results for Security - .NET Blog

Today, we are releasing the .NET Core April 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on included fixes. Security Microsoft Security Advisory CVE-2019-0815: ASP.NET Core Denial of Service Vulnerability A denial of service vulnerability exists in ASP.NET Core 2.2 wh...

This post was written by Lena Hall, a Senior Cloud Developer Advocate at Microsoft. F# Software Foundation has recently announced their new initiative — Applied F# Challenge! We encourage you to participate and send your submissions about F# on Azure through the participation form. Applied F# Challenge is a new initiative to encourage in-dept...

Today, we are releasing the January 2019 Security and Quality Rollup. Security CVE-2019-0545 – Windows Security Feature Bypass Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who ...

Today, we are releasing the December 2018 Security and Quality Rollup. Security CVE-2018-8540 – Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn't validate input correctly. The attacker who successfully ...

For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing jour...

Today, we are releasing the November 2018 Security and Quality Rollup.SecurityNo new security fixes. See .NET Framework September 2018 Security and Quality Rollup for the latest security updates.Quality and ReliabilityThis release contains the following quality and reliability improvements.CLRWFWinformsWPFNote: Additional information on these impro...

Today, we released the October 2018 Security and Quality Rollup. Security No new security fixes.  See .NET Framework September 2018 Security and Quality Rollup for the latest security update. Quality and Reliability This release contains the following quality and reliability improvements. CLR WPF Note:...

In May, we implemented Stage 1 and enabled support for any NuGet.org user to submit signed packages to NuGet.org. Today, we are announcing Stage 2 of our NuGet package signing journey - tamper proofing the entire package dependency graph. What is a Repository Signature? A repository signature is a code signing signature produced with an X.509 cer...

In September 2017, we announced our plans to improve the security of the NuGet ecosystem by introducing the ability for package authors to sign packages. Today, we want to announce support for any NuGet.org user to submit signed packages to NuGet.org. A signed NuGet package is designed to be fully compatible with pre-existing NuGet servers and cli...

We had previously announced the deprecation of NuGet.org's home-grown authentication in favor of Microsoft accounts (MSA) that will allow us to add support for additional security systems such as two-factor authentication (2FA). We will be disabling the NuGet.org's home-grown authentication mechanism starting June 1st, 2018. This means that you can...