.NET September 2022 Updates – .NET 6.0.9 and .NET Core 3.1.29
- Installers and binaries: 6.0.9 | 3.1.28
- Release notes: 6.0.9 | 3.1.29
- Container images
- Linux packages: 6.0.9 | 3.1.29
- Release feedback/issue
- Known issues: 6.0 | 3.1
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists in ASP.NET Core 3.1 and .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends a customized payload that is parsed during model binding.
.NET Core 3.1 End of life
.NET Core 3.1 will reach end of life on December 13, 2022, as described in .NET Releases and per .NET Release Policies. After that time, .NET Core 3.1 patch updates will no longer be provided. We recommend that you move any .NET Core 3.1 applications and environments to .NET 6.0. It’ll be an easy upgrade in most cases. The .NET Releases page is the best place to look for release lifecycle information. Knowing key dates helps you make informed decisions about when to upgrade or make other changes to your software and computing environment.