{"id":18595,"date":"2018-07-10T10:50:29","date_gmt":"2018-07-10T17:50:29","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=18405"},"modified":"2021-09-29T16:24:35","modified_gmt":"2021-09-29T23:24:35","slug":"net-core-july-2018-update","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-july-2018-update\/","title":{"rendered":".NET Core July 2018 Update"},"content":{"rendered":"<p><span>Today, we are releasing the\u00a0<\/span>.NET Core July 2018 Update<span>. This update includes <a href=\"https:\/\/github.com\/dotnet\/core\/issues\/1768\">.NET Core 1.0.12<\/a>, <a href=\"https:\/\/github.com\/dotnet\/core\/issues\/1767\">.NET Core 1.1.9<\/a>, <a href=\"https:\/\/github.com\/dotnet\/core\/issues\/1766\">.NET Core 2.0.9<\/a> and <a href=\"https:\/\/github.com\/dotnet\/core\/issues\/1765\">.NET Core 2.1.2<\/a>.<\/span><\/p>\n<h2>Security<\/h2>\n<h4>.NET Core Security Feature Bypass Vulnerability<\/h4>\n<p><a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/73\">CVE-2018-8356:<\/a><\/p>\n<p>Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who successfully exploited this vulnerability could present an expired certificate when challenged.<\/p>\n<p>The update addresses the vulnerability by correcting how .NET Core applications handle certificate validation.<\/p>\n<h4>ASP.NET Core Security Feature Bypass Vulnerability<\/h4>\n<p><a href=\"https:\/\/github.com\/aspnet\/Announcements\/issues\/310\">CVE-2018-8171<\/a><\/p>\n<p>Microsoft is aware of a security feature bypass in ASP.NET Core when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts.<\/p>\n<p>The update addresses the vulnerability by correcting how ASP.NET Core validates the number of incorrect login attempts.<\/p>\n<h4>ASP.NET Core Denial Of Service Vulnerability<\/h4>\n<p><a href=\"https:\/\/github.com\/aspnet\/Announcements\/issues\/311\">aspnet\/announcements #311<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.0 and 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<p>Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack.<\/p>\n<p>The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.<\/p>\n<h2>Getting the Update<\/h2>\n<p>The latest .NET Core updates are available on the <a href=\"https:\/\/www.microsoft.com\/net\/download\/all\">.NET Core download page<\/a>.<\/p>\n<p>Today&#8217;s releases are listed as follows:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/2.1#sdk-2.1.302\">.NET Core 2.1.2<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/2.0#sdk-2.1.202\">.NET Core 2.0.9<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/1.1#sdk-1.1.10\">.NET Core 1.1.9<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/1.0#sdk-1.1.10\">.NET Core 1.0.12<\/a><\/li>\n<\/ul>\n<h2>Docker Images<\/h2>\n<p><span>.NET Docker images have been updated for today\u2019s release. The following repos have been updated.<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet\/\" rel=\"nofollow\">microsoft\/dotnet<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-samples\/\" rel=\"nofollow\">microsoft\/dotnet-samples<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore\/\" rel=\"nofollow\">microsoft\/aspnetcore<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore-build\/\" rel=\"nofollow\">microsoft\/aspnetcore-build<\/a><\/li>\n<\/ul>\n<p>Note: Look at the \u201cTags\u201d view in each repository to see the updated Docker image tags.<\/p>\n<p>Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.<\/p>\n<h2>Preview .NET Core Updates<\/h2>\n<p>The last few .NET Core updates follow:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/06\/22\/net-core-2-1-june-update\/\">June 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/05\/08\/net-core-may-2018-update\/\">May 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/04\/17\/net-core-april-2018-update\/\" rel=\"nofollow\">April 2018 Update<\/a><a href=\"https:\/\/github.com\/dotnet\/core\/issues\/1341\"><\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the\u00a0.NET Core July 2018 Update. This update includes .NET Core 1.0.12, .NET Core 1.1.9, .NET Core 2.0.9 and .NET Core 2.1.2. Security .NET Core Security Feature Bypass Vulnerability CVE-2018-8356: Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who [&hellip;]<\/p>\n","protected":false},"author":336,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-18595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the\u00a0.NET Core July 2018 Update. This update includes .NET Core 1.0.12, .NET Core 1.1.9, .NET Core 2.0.9 and .NET Core 2.1.2. Security .NET Core Security Feature Bypass Vulnerability CVE-2018-8356: Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/18595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=18595"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/18595\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=18595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=18595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=18595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}