Showing category results for Security

Revised 6/8/2021: On June 8th, 2021, this update was released to replace a previous update to address a “revocation server was offline” error that may occur during installation. If you've already installed a previous release of this update, no action is required. Revised 4/15/2021: On April 13th, 2021, this update was released to replace a previ...

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 pandem...

In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.

co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed support fo...

Today, we are releasing the .NET Core July 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. NOTE: If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. Information needed to...

Today, we are releasing the .NET Core April 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on included fixes. Security Microsoft Security Advisory CVE-2019-0815: ASP.NET Core Denial of Service Vulnerability A denial of service vulnerability exists in ASP.NET Core 2.2 wh...

This post was written by Lena Hall, a Senior Cloud Developer Advocate at Microsoft. F# Software Foundation has recently announced their new initiative — Applied F# Challenge! We encourage you to participate and send your submissions about F# on Azure through the participation form. Applied F# Challenge is a new initiative to encourage in-dept...

Today, we are releasing the January 2019 Security and Quality Rollup. Security CVE-2019-0545 – Windows Security Feature Bypass Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who ...

Today, we are releasing the December 2018 Security and Quality Rollup. Security CVE-2018-8540 – Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn't validate input correctly. The attacker who successfully ...

For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing jour...