July 9th, 2019

.NET Core July 2019 Updates – 2.1.12 and 2.2.6

Vivek Mishra
Senior Program Manager

Today, we are releasing the .NET Core July 2019 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages.

NOTE: If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. Information needed to make this choice will be seen on the download page. If you use other development environments, we recommend using the latest SDK release.

Security

CVE-2019-1075: ASP.NET Core Spoofing Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a spoofing vulnerability that exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website.

To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. The update addresses the vulnerability by correcting how ASP.NET Core parses URLs.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page. This update is also included in the Visual Studio 15.9.14, 16.0.6 and 16.1.6 updates. Choose Check for Updates in the Help menu.

See the .NET Core release notes ( 2.1.12 | 2.2.6 ) for details on the release including issues fixed and affected packages.

Support Lifecycle Update for .NET Core 1.0 and 1.1

.NET Core 1.0 and 1.1 reached end of support on June 27, 2019 and will no longer receive updates going forward. The final updates for .NET Core 1.0 and 1.1 are 1.0.16 and 1.1.13, respectively.

See .NET Core Support Policy to learn more about the .NET Core support lifecycle.

Docker Images

The following .NET container images will be updated later today.

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Azure App Services deployment

Deployment of these updates on Azure App Services has been scheduled and it is expected to complete later in July 2019.

Author

Vivek Mishra
Senior Program Manager

Program Manager in .NET product group, responsible for .NET Framework and Core releases.

0 comments

Discussion are closed.