{"id":17615,"date":"2018-05-08T15:31:30","date_gmt":"2018-05-08T22:31:30","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=17615"},"modified":"2021-09-29T16:25:48","modified_gmt":"2021-09-29T23:25:48","slug":"net-core-may-2018-update","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-may-2018-update\/","title":{"rendered":".NET Core May 2018 Update"},"content":{"rendered":"

Today, we are releasing the .NET Core May 2018 Update<\/a>. This update includes .NET Core 2.1.200<\/a> SDK and ASP.NET Core 2.0.8<\/a>.<\/p>\n

<\/a>Security<\/h2>\n

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and .NET native version 2.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n

Microsoft is aware of a denial of service vulnerability that exists when .NET Framework and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework, .NET Core, or .NET native application.<\/p>\n

The update addresses the vulnerability by correcting how .NET Framework, .NET Core, and .NET native applications handle XML document processing.<\/p>\n

If your application is an ASP.NET Core application, developers are also advised to update to ASP.NET Core 2.0.8<\/a>.<\/p>\n

CVE-2018-0765: .NET Core Denial Of Service Vulnerability<\/a><\/p>\n

<\/a>Getting the Update<\/h2>\n

The .NET Core May 2018 Update is available from the .NET Core download page<\/a> and the Microsoft.AspNetCore.All<\/a> package on NuGet.<\/p>\n

.NET Core 2.1 RC 1<\/a>\u00a0includes these fixes. No update is required for .NET Core 2.1 RC 1.<\/p>\n

You can always download the latest version of .NET Core at .NET Downloads<\/a>.<\/p>\n

<\/a>Docker Images<\/h2>\n

.NET Docker images have been updated for today\u2019s release. The following repos have been updated.<\/p>\n