.NET Core April 2019 Updates – 2.1.10 and 2.2.4

Avatar

Vivek

Today, we are releasing the .NET Core April 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on included fixes.

Security

Microsoft Security Advisory CVE-2019-0815: ASP.NET Core Denial of Service Vulnerability

A denial of service vulnerability exists in ASP.NET Core 2.2 where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request to cause a Denial of Service.

The vulnerability affects any Microsoft ASP.NET Core 2.2 applications if it is hosted on an IIS server running AspNetCoreModuleV2 (ANCM) prior to and including 12.2.19024.2. The security update addresses the vulnerability by ensuring the IIS worker process does not crash in response to specially crafted requests.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page.

See the .NET Core release notes ( 2.1.10 | 2.2.4 ) for details on the release including a issues fixed and affected packages.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

microsoft/dotnet
microsoft/dotnet-samples
microsoft/aspnetcore

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Azure App Services deployment

Deployment of these updates Azure App Services has been scheduled and they estimate the deployment will be complete by Apr 23, 2019.

Avatar
Vivek Mishra

Senior Program Manager, .NET

Follow Vivek   

1 Comments
Alex Thomson
Alex Thomson 2019-04-10 04:20:08