{"id":20646,"date":"2018-10-09T16:19:23","date_gmt":"2018-10-09T23:19:23","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=19555"},"modified":"2019-02-19T19:46:10","modified_gmt":"2019-02-20T02:46:10","slug":"net-core-october-2018-update-net-core-1-0-and-1-1","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-october-2018-update-net-core-1-0-and-1-1\/","title":{"rendered":".NET Core October 2018 Update \u2013 NET Core 1.0 and 1.1"},"content":{"rendered":"<p><span>Today, we are releasing the .NET Core October 2018 Update for 1.0 and 1.1. This update includes\u00a0<\/span>.NET Core 1.0.13, 1.1.10 and .NET Core SDK 1.1.11.<\/p>\n<h2>Security<\/h2>\n<p><strong><a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/88\">CVE-2018-8292:<\/a> .NET Core Information Disclosure Vulnerability<\/strong><\/p>\n<p>Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core when HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.<\/p>\n<div>\n<div><span>The update addresses the vulnerability by correcting how .NET Core applications handles HTTP redirects.<\/span><\/div>\n<h2>Getting the Update<\/h2>\n<div>\n<p>The latest .NET Core updates are available on the <a href=\"https:\/\/www.microsoft.com\/net\/download\/all\">.NET Core download page<\/a>.\u00a0This update is also included in <b>Visual Studio <a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/releasenotes\/vs2017-relnotes#-visual-studio-2017-version-158-security-advisory-notices\">15.8.7<\/a><\/b> and <a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/releasenotes\/vs2017-relnotes-v15.0#15.0.26228.57\"><b>15.0.19<\/b><\/a>.<\/p>\n<p>Today&#8217;s releases are listed as follows:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/1.1#sdk-1.1.11\">.NET Core 1.1.10<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/1.0#sdk-1.1.11\">.NET Core 1.0.13<\/a><\/li>\n<\/ul>\n<h2>Docker Images<\/h2>\n<p><span>.NET Docker images have been updated for today\u2019s release. The following repos have been updated.<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet\/\" rel=\"nofollow\">microsoft\/dotnet<\/a><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore-build\/\" rel=\"nofollow\"><\/a><\/li>\n<li style=\"font-weight: inherit;font-style: inherit\"><a href=\"https:\/\/na01.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fhub.docker.com%2Fr%2Fmicrosoft%2Faspnetcore-build%2F&amp;data=02%7C01%7Cvivmish%40microsoft.com%7C7f7427354694453a8f7008d62ee53b6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636747959407095752&amp;sdata=vwPmtdnJ%2BPUYW6V41jLX3OXhCWTEMjwI99ctj2d1WaY%3D&amp;reserved=0\"><\/a><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore\" rel=\"nofollow\">microsoft\/aspnetcore<\/a><\/li>\n<li><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore-build\" rel=\"nofollow\">microsoft\/aspnetcore-build<\/a><a href=\"https:\/\/na01.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fhub.docker.com%2Fr%2Fmicrosoft%2Faspnetcore-build%2F&amp;data=02%7C01%7Cvivmish%40microsoft.com%7C7f7427354694453a8f7008d62ee53b6d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636747959407095752&amp;sdata=vwPmtdnJ%2BPUYW6V41jLX3OXhCWTEMjwI99ctj2d1WaY%3D&amp;reserved=0\"><\/a><\/li>\n<\/ul>\n<p>Note: Look at the \u201cTags\u201d view in each repository to see the updated Docker image tags.<\/p>\n<p>Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.<\/p>\n<h2>Azure App Services deployment<\/h2>\n<p>Deployment to Azure App Services has begun and the West Central US region will be live this morning. Remaining regions will be updated over the next few days and deployment is expected to be complete by end of week.<\/p>\n<h2>Previous .NET Core Updates<\/h2>\n<p>The last few .NET Core updates follow:<\/p>\n<ul>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/09\/11\/net-core-september-2018-update\/\">September 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/08\/21\/net-core-august-2018-update\/\">August 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/06\/22\/net-core-2-1-june-update\/\">June 2018 Update<\/a><\/li>\n<li><a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/05\/08\/net-core-may-2018-update\/\">May 2018 Update<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the .NET Core October 2018 Update for 1.0 and 1.1. This update includes\u00a0.NET Core 1.0.13, 1.1.10 and .NET Core SDK 1.1.11. Security CVE-2018-8292: .NET Core Information Disclosure Vulnerability Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core when HTTP authentication information is inadvertently exposed in an [&hellip;]<\/p>\n","protected":false},"author":722,"featured_media":21756,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685,196],"tags":[9],"class_list":["post-20646","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet","category-dotnet-core","tag-net-core"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the .NET Core October 2018 Update for 1.0 and 1.1. This update includes\u00a0.NET Core 1.0.13, 1.1.10 and .NET Core SDK 1.1.11. Security CVE-2018-8292: .NET Core Information Disclosure Vulnerability Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core when HTTP authentication information is inadvertently exposed in an [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/20646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/722"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=20646"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/20646\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/21756"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=20646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=20646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=20646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}