.NET Core May 2018 Update

Rich Lander [MSFT]

Today, we are releasing the .NET Core May 2018 Update. This update includes .NET Core 2.1.200 SDK and ASP.NET Core 2.0.8.

Security

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and .NET native version 2.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a denial of service vulnerability that exists when .NET Framework and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework, .NET Core, or .NET native application.

The update addresses the vulnerability by correcting how .NET Framework, .NET Core, and .NET native applications handle XML document processing.

If your application is an ASP.NET Core application, developers are also advised to update to ASP.NET Core 2.0.8.

CVE-2018-0765: .NET Core Denial Of Service Vulnerability

Getting the Update

The .NET Core May 2018 Update is available from the .NET Core download page and the Microsoft.AspNetCore.All package on NuGet.

.NET Core 2.1 RC 1 includes these fixes. No update is required for .NET Core 2.1 RC 1.

You can always download the latest version of .NET Core at .NET Downloads.

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Previous .NET Core Updates

The last few .NET Core updates follow:

0 comments

Discussion is closed.

Feedback usabilla icon