Showing category results for Security

co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed support fo...

Today, we are releasing the .NET Core July 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. NOTE: If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. Information needed to...

Today, we are releasing the .NET Core April 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on included fixes. Security Microsoft Security Advisory CVE-2019-0815: ASP.NET Core Denial of Service Vulnerability A denial of service vulnerability exists in ASP.NET Core 2.2 wh...

This post was written by Lena Hall, a Senior Cloud Developer Advocate at Microsoft. F# Software Foundation has recently announced their new initiative — Applied F# Challenge! We encourage you to participate and send your submissions about F# on Azure through the participation form. Applied F# Challenge is a new initiative to encourage in-dept...

Today, we are releasing the January 2019 Security and Quality Rollup. Security CVE-2019-0545 – Windows Security Feature Bypass Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who ...

Today, we are releasing the December 2018 Security and Quality Rollup. Security CVE-2018-8540 – Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn't validate input correctly. The attacker who successfully ...

For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing jour...

Today, we are releasing the November 2018 Security and Quality Rollup.SecurityNo new security fixes. See .NET Framework September 2018 Security and Quality Rollup for the latest security updates.Quality and ReliabilityThis release contains the following quality and reliability improvements.CLRWFWinformsWPFNote: Additional information on these impro...

Today, we released the October 2018 Security and Quality Rollup. Security No new security fixes.  See .NET Framework September 2018 Security and Quality Rollup for the latest security update. Quality and Reliability This release contains the following quality and reliability improvements. CLR WPF Note:...

In May, we implemented Stage 1 and enabled support for any NuGet.org user to submit signed packages to NuGet.org. Today, we are announcing Stage 2 of our NuGet package signing journey - tamper proofing the entire package dependency graph. What is a Repository Signature? A repository signature is a code signing signature produced with an X.509 cer...