.NET February 2021 Updates – 5.0.3, 3.1.12, 2.1.25

Rahul Bhandari (MSFT)

Rahul

Today, we are releasing the .NET February 2021 Updates. These updates contains reliability and security improvements. See the individual release notes for details on updated packages.

You can download 5.0.3 , 3.1.12, 2.1.25 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Security

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial-of-service vulnerability exists when creating HTTPS web request during X509 certificate chain building.

CVE-2021-24112: .NET 5 and .NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A remote code execution vulnerability exists when parsing certain types of graphics files. This vulnerability only exists on systems running on MacOS or Linux.

Improvements

Visual Studio

See release notes for Visual Studio compatibility for .NET Core 2.1 and .NET Core 3.1 and .NET 5.0.

OS Lifecycle update

Alpine 3.13 is now supported with the .NET 5.0.3 update. The operating system support page for .NET 5.0 has been updated to reflect that.

5 comments

Leave a comment