.NET February 2022 Updates – 6.0.2 and 5.0.14

Rahul Bhandari (MSFT)

Today, we are releasing the .NET February 2022 Updates. These updates contain reliability and security improvements. See the individual release notes for details on updated packages.

You can download 6.0.2 and 5.0.14 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.



CVE-2022-21986: .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET 5.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Denial-of-Service vulnerability exists in .NET 5.0 and .NET 6.0 where Kestrel overpooling of HTTP/2 and HTTP/3 request headers may lead to denial of service.

Deployment Update

Customers that have opted to receive .NET Core updates via the Microsoft Update channel will be offered updates to the Hosting Bundle starting with the December 2021 update. Updates for other .NET Core bundles (.NET Core Runtime, ASP.NET Core Runtime, Windows Desktop Runtime, and SDK) have been offered via Microsoft Update to customers that opt in since December 2020. See this blog post for more information.

Visual Studio

See release notes for Visual Studio compatibility for .NET 6.0 and .NET 5.0.

.NET 5.0 End of life

.NET 5.0 will reach end of life on May 08, 2022, as described in .NET Releases and per .NET Release Policies. After that time, .NET 5.0 patch updates will no longer be provided. We recommend that you move any .NET 5.0 applications and environments to .NET 6.0. It’ll be an easy upgrade in most cases.

The .NET Releases page is the best place to look for release lifecycle information. Knowing key dates helps you make informed decisions about when to upgrade or make other changes to your software and computing environment.