In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.
Updated: February 15, 2019 Updated: February 14, 2019 Yesterday, we released the February 2019 Security and Quality Rollup. Security CVE-2019-0613 – Remote Code Execution Vulnerability This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of...
The latest .NET Core updates are available on the .NET Core download page. This update is also included in the Visual Studio 15.0.21 (.NET Core 1.0 and 1.1) and 15.9.7 (.NET Core 1.0, 1.1 and 2.1) updates, which is also releasing today. See the .NET Core release notes (
Today, we are releasing the .NET Core January 2019 Update. These updates contain security and reliability fixes. Security CVE-2019-0545: .NET Core Information Disclosure Vulnerability The security update addresses the vulnerability by enforcing Cross-origin Resource Sharing (CORS) configuration to prevent its bypass in .NET Core 2....
Today, we are releasing the January 2019 Security and Quality Rollup. Security CVE-2019-0545 – Windows Security Feature Bypass Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that may cause an information disclosure that allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who ...
Today, we are releasing the December 2018 Security and Quality Rollup. Security CVE-2018-8540 – Windows Remote Code Execution Vulnerability This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn't validate input correctly. The attacker who successfully ...
Today, we are releasing the November 2018 Security and Quality Rollup.SecurityNo new security fixes. See .NET Framework September 2018 Security and Quality Rollup for the latest security updates.Quality and ReliabilityThis release contains the following quality and reliability improvements.CLRWFWinformsWPFNote: Additional information on these impro...
Today, we released the October 2018 Security and Quality Rollup. Security No new security fixes. See .NET Framework September 2018 Security and Quality Rollup for the latest security update. Quality and Reliability This release contains the following quality and reliability improvements. CLR WPF Note:...
During an appearance on the .NET Rocks podcast last week, a question was raised about securely sending information through ASP.NET ViewState. I responded to the question by indicating that the typical security concern for web content is not to trust any content submitted from the web, including ViewState. After that podcast was published, several...
This is a guest post by Brock Allen and Dominick Baier. They are security consultants, speakers, and the authors of many popular open source security projects, including IdentityServer. Modern applications need modern identity. The protocols used for implementing features like authentication, single sign-on, API access control and federation are O...
