.NET August 2021 Updates – 5.0.9, 3.1.18, 2.1.30

Rahul Bhandari (MSFT)

August 10th, 20210 0

Today, we are releasing the .NET August 2021 Updates. These updates contains reliability and other improvements. See the individual release notes for details on updated packages.

You can download 5.0.9 , 3.1.18, 2.1.30 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Update:

The .NET Core 2.1.29 August update did not include the correct fix for CVE-2021-34532. To resolve this, we are re-releasing the August security update for .NET Core 2.1 as 2.1.30. If you have installed .NET Core 2.1.29 previously you need to install the .NET Core 2.1.30 update in order to be fully protected.

_Note: .NET Core 3.1 and .NET 5.0 August updates are not affected and therefore not being re-released._

Improvements

Security

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core and ASP.NET 5. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps
and dumps on demand are created with global read permissions on Linux and macOS.
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core and ASP.NET 5. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where .NET (Core) server applications providing WebSocket endpoints could be tricked
into endlessly looping while trying to read a single WebSocket frame.
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core and ASP.NET 5. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1
where an JWT token is logged if it cannot be parsed.

Visual Studio

See release notes for Visual Studio compatibility for .NET Core 2.1  .NET Core 3.1 and .NET 5.0.

.NET Core 2.1 End of life

As a reminder and identified in the .NET Core and .NET 5 Support Policy, at the end of this month (August 2021), .NET Core 2.1 runtime will be out of support and after this time we will no longer be providing fixes, updates, or online technical assistance for this version. For those customers who are using the ASP.NET Core 2.1 packages on .NET Framework, this continues to be a supported scenario, as you are running on the .NET Framework runtime and not .NET Core 2.1. For development using this scenario going forward, however, you will need to be using the latest .NET SDK and Visual Studio. As a reminder, the list of Packages that are covered by this scenario are available here: ASP.NET Core 2.1 Supported Packages and apply only to running on the .NET Framework.

The .NET Releases page is the best place to look for release lifecycle information. Knowing key dates helps you make informed decisions about when to upgrade or make other changes to your software and computing environment.

Rahul Bhandari (MSFT) Program Manager, .NET

Read next

0 comments

Discussion is closed.

Feedback usabilla icon