March 9th, 2021

.NET March 2021 Updates – 5.0.4, 3.1.13, 2.1.26

Rahul Bhandari (MSFT)
Senior Program Manager

Today, we are releasing the .NET March 2021 Updates. These updates contains reliability and security improvements. See the individual release notes for details on updated packages.

You can download 5.0.4 , 3.1.13, 2.1.26 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Security

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1.
This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed.
Improvements

Visual Studio

See release notes for Visual Studio compatibility for .NET Core 2.1 and .NET Core 3.1 and .NET 5.0.

OS Lifecycle update

Alpine 3.13 is now supported with the .NET Core 3.1.13 and .NET Core 2.1.26 update. The operating system support pages for .NET Core 3.1 and .NET Core 2.1 has been updated to reflect that.

Blazor WebAssembly 3.2 end of support and project template removal

Blazor WebAssembly 3.2 has reached end of support and the corresponding project template has been removed from this .NET Core 3.1 SDK update. Blazor WebAssembly 3.2 was released in May 2020 as a Current release. Support for Current releases ends three months after the next Current release, which in this case was .NET 5 in November 2020. Apps using Blazor WebAssembly 3.2 should be updated to use .NET 5 to stay in support.

Author

Rahul Bhandari (MSFT)
Senior Program Manager

I am a Program Manager on .NET team. I specializes in .NET release processes. University of Florida Alumnus.

1 comment

Discussion is closed. Login to edit/delete existing comments.

  • Sergey Litvinov

    Is there any details about Remote Code Execution Vulnerability? CVE doesn’t have too much details. We have a .NET Core 2.1 app that has public REST API and would it be affected by that CVE as well or not?