.NET Core April 2019 Updates – 2.1.10 and 2.2.4
Today, we are releasing the .NET Core April 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on included fixes.
- .NET Core 2.2.4 and .NET Core SDK 2.2.106 ( Download | Release Notes )
- .NET Core 2.1.10 and .NET Core SDK 2.1.506 ( Download | Release Notes)
A denial of service vulnerability exists in ASP.NET Core 2.2 where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request to cause a Denial of Service.
The vulnerability affects any Microsoft ASP.NET Core 2.2 applications if it is hosted on an IIS server running AspNetCoreModuleV2 (ANCM) prior to and including 12.2.19024.2. The security update addresses the vulnerability by ensuring the IIS worker process does not crash in response to specially crafted requests.
Getting the Update
The latest .NET Core updates are available on the .NET Core download page.
.NET Docker images have been updated for today’s release. The following repos have been updated.
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.
Azure App Services deployment
Deployment of these updates Azure App Services has been scheduled and they estimate the deployment will be complete by Apr 23, 2019.