.NET Core July 2019 Updates – 2.1.12 and 2.2.6
Today, we are releasing the .NET Core July 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages.
NOTE: If you are a Visual Studio user, there are MSBuild version requirements, so use only the .NET Core SDK supported for each Visual Studio version. The information needed to make this choice is shown on the download page. If you use other development environments, we recommend using the latest SDK release.
- .NET Core 2.2.6 and .NET Core SDK (Download | Release Notes)
- .NET Core 2.1.12 and .NET Core SDK (Download | Release Notes)
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a spoofing vulnerability that exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website.
To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. The update addresses the vulnerability by correcting how ASP.NET Core parses URLs.
Getting the Update
The latest .NET Core updates are available on the .NET Core download page. This update is also included in the Visual Studio 15.9.14, 16.0.6 and 16.1.6 updates. To get it in Visual Studio, choose Check for Updates in the Help menu.
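To confirm that a host no longer carries a pre-update runtime, the check below reads text in the format printed by `dotnet --list-runtimes` and lists every 2.1.x or 2.2.x runtime older than 2.1.12 or 2.2.6. It is an added example, not code from this announcement or from the .NET team; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the announcement): flag .NET Core 2.1/2.2 runtimes
# that predate the July 2019 update. Input is text in the format printed by
# `dotnet --list-runtimes`: "<name> <version> [<install path>]".

FIXED_21=12   # patch number of 2.1.12, from the announcement
FIXED_22=6    # patch number of 2.2.6, from the announcement

# Hypothetical helper: reads runtime lines on stdin and prints
# "<name> <version>" for every 2.1.x / 2.2.x runtime below the fixed patch.
find_unpatched_runtimes() {
    while read -r name version _path; do
        case "$version" in
            2.1.*) fixed=$FIXED_21 ;;
            2.2.*) fixed=$FIXED_22 ;;
            *) continue ;;            # other release lines are out of scope
        esac
        patch=${version#*.*.}         # strip "major.minor."
        patch=${patch%%[!0-9]*}       # drop a suffix such as "-preview3"
        [ -n "$patch" ] || continue   # skip lines without a numeric patch
        if [ "$patch" -lt "$fixed" ]; then
            printf '%s %s\n' "$name" "$version"
        fi
    done
}

# Constructed sample output, so the script runs without the SDK installed.
sample_output() {
    cat <<'EOF'
Microsoft.AspNetCore.All 2.1.11 [/usr/share/dotnet/shared/Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.12 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.5 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.2.6 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 1.1.13 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
EOF
}

# On a real host: dotnet --list-runtimes | find_unpatched_runtimes
sample_output | find_unpatched_runtimes
```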
Support Lifecycle Update for .NET Core 1.0 and 1.1
See .NET Core Support Policy to learn more about the .NET Core support lifecycle.
The following .NET container images will be updated later today.
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.
Azure App Services deployment
Deployment of these updates on Azure App Services has been scheduled and is expected to complete later in July 2019.