Showing results for Security - .NET Blog

NuGet 6.0 - Source Mapping, Package Vulnerabilities, Faster Solution Load, Oh My! NuGet 6.0 is included in Visual Studio 2022 and .NET 6.0 out of the box. You can also download NuGet 6.0 for Windows, macOS, and Linux as a standalone executable. NuGet 6.0 is one of many releases in our .NET unification journey. Our NuGet tooling helps developers d...

We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.

Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.

The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.

The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further notice. ...

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 pandem...

In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.

Updated: February 15, 2019   Updated: February 14, 2019   Yesterday, we released the February 2019 Security and Quality Rollup. Security CVE-2019-0613 – Remote Code Execution Vulnerability This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of...

The latest .NET Core updates are available on the .NET Core download page. This update is also included in the Visual Studio 15.0.21 (.NET Core 1.0 and 1.1) and 15.9.7 (.NET Core 1.0, 1.1 and 2.1) updates, which is also releasing today. See the .NET Core release notes (