.NET February 2024 Updates – .NET 8.0.2, 7.0.16, .NET 6.0.27

Today, we are releasing the .NET February 2024 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 8.0.2, 7.0.16 and, 6.0.27 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Installers and binaries: 8.0.2 |7.0.16 | 6.0.27
Release notes: 8.0.2 | 7.0.16 | 6.0.27
Container images
Linux packages: 8.0.2 | 7.0.16 | 6.0.27
Release feedback/issue
Known issues: 8.0 | 7.0 | 6.0

Windows Package Manager CLI (winget)

You can now install .NET updates using the Windows Package Manager CLI (winget):

To install the .NET 8 runtime: winget install dotnet-runtime-8
To install the .NET 8 SDK: winget install dotnet-sdk-8
To update an existing installation: winget upgrade

See Install with Windows Package Manager (winget) for more information.

Improvements

ASP.NET Core: 8.0.2 | 7.0.16 | 6.0.27
Entity Framework Core: 8.0.2
Roslyn-Analysers: 8.0.2
Runtime: 8.0.2 | 7.0.16 | 6.0.27
SDK: 8.0.2

Security

CVE-2024-21386 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A vulnerability exists in ASP.NET applications using SignalR where a malicious client can result in a denial-of-service.

CVE-2024-21404- .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial-of-service vulnerability exists in .NET with OpenSSL support when parsing X509 certificates.