Today, we are releasing the .NET March 2021 Updates. These updates contain reliability and security improvements. See the individual release notes for details on updated packages.
You can download versions 5.0.4, 3.1.13, and 2.1.26 for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.
- Installers and binaries: 5.0.4 | 3.1.13 | 2.1.26
- Release notes: 5.0.4 | 3.1.13 | 2.1.26
- Container images
- Linux packages: 5.0.4 | 3.1.13 | 2.1.26
- Release feedback/issues
- Known issues: 5.0 | 3.1 | 2.1
Security
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1.
This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed.
Improvements
- Runtime: 5.0.4
- ASP.NET Core: 5.0.4 | 3.1.12
- EntityFramework Core: 5.0.4
- Winforms: 5.0.4
- Setup: 2.1.26
- WPF: 5.0.4 | 3.1.13
Visual Studio
See the release notes for Visual Studio compatibility for .NET Core 2.1, .NET Core 3.1, and .NET 5.0.
OS Lifecycle update
Alpine 3.13 is now supported with the .NET Core 3.1.13 and .NET Core 2.1.26 updates. The operating system support pages for .NET Core 3.1 and .NET Core 2.1 have been updated to reflect that.
Blazor WebAssembly 3.2 end of support and project template removal
Blazor WebAssembly 3.2 has reached end of support and the corresponding project template has been removed from this .NET Core 3.1 SDK update. Blazor WebAssembly 3.2 was released in May 2020 as a Current release. Support for Current releases ends three months after the next Current release, which in this case was .NET 5 in November 2020. Apps using Blazor WebAssembly 3.2 should be updated to use .NET 5 to stay in support.
Are there any details about the Remote Code Execution vulnerability? The CVE doesn’t have many details. We have a .NET Core 2.1 app that has a public REST API; would it be affected by that CVE as well or not?