{"id":20835,"date":"2019-01-08T18:07:05","date_gmt":"2019-01-09T02:07:05","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=20835"},"modified":"2022-06-10T10:18:59","modified_gmt":"2022-06-10T17:18:59","slug":"net-core-january-2019-update","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-january-2019-update\/","title":{"rendered":".NET Core January 2019 Updates &#8211; 2.1.7 and 2.2.1"},"content":{"rendered":"<p>Today, we are releasing the .NET Core January 2019 Update. These updates contain security and reliability fixes.<\/p>\n<ul>\n<li>.NET Core 2.1.7 and .NET Core SDK 2.1.503 ( <a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/2.1\">Download<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1.7\/2.1.7.md\">Release Notes<\/a> )<\/li>\n<li>.NET Core 2.2.1 and .NET Core SDK 2.2.102 ( <a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/2.2\">Download<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.2\/2.2.1\/2.2.1.md\">Release Notes<\/a> )<\/li>\n<\/ul>\n<h2 id=\"security\">Security<\/h2>\n<p><a href=\"https:\/\/github.com\/dotnet\/Announcements\/issues\/94\">CVE-2019-0545:<\/a> .NET Core Information Disclosure Vulnerability<\/p>\n<p>The security update addresses the vulnerability by enforcing Cross-origin Resource Sharing (CORS) configuration to prevent its bypass in .NET Core 2.1 and 2.2. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.<\/p>\n<p><a href=\"https:\/\/github.com\/aspnet\/Announcements\/issues\/335\">CVE-2019-0548:<\/a> ASP.NET Core Denial Of Service Vulnerability<\/p>\n<p>This security vulnerability exists in ASP.NET Core 1.0, 1.1, 2.1 and 2.2. If an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request to cause a Denial of Service.<\/p>\n<p><a href=\"https:\/\/github.com\/aspnet\/Announcements\/issues\/334\">CVE-2019-0564:<\/a> ASP.NET Core Denial Of Service Vulnerability<\/p>\n<p>This security vulnerability exists in ASP.NET Core 1.0, 1.1, 2.1 and 2.2. If an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request to cause a Denial of Service.<\/p>\n<p><a href=\"https:\/\/github.com\/aspnet\/Announcements\/issues\/94\">CVE-2018-8416:<\/a> .NET Core Tampering Vulnerability<\/p>\n<p>A security vulnerability exists wherein .NET Core 2.1 improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.<\/p>\n<p>To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system.<\/p>\n<h2 id=\"windows-arm-support\">Windows ARM support<\/h2>\n<p>This release includes the first availability of .NET Core for Windows Server, version 1809 ARM32. Runtime zips can be found on the <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet-core\/2.2\">downloads page<\/a>. The SDK zip is expected to be live on the 9th and this note will be updated when that happens.<\/p>\n<h2 id=\"getting-the-update\">Getting the Update<\/h2>\n<p>The latest .NET Core updates are available on the <a href=\"https:\/\/www.microsoft.com\/net\/download\/all\">.NET Core download page<\/a>. This update is included in the Visual Studio 15.9.5 update, which is also releasing today.<\/p>\n<p>See the .NET Core release notes ( <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1.7\/2.1.7.md\">2.1.7<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.2\/2.2.1\/2.2.1.md\">2.2.1<\/a> ) for details on the release including a detailed commit list and affected files.<\/p>\n<h2 id=\"docker-images\">Docker Images<\/h2>\n<p>The <a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet\/\">.NET Core Docker images<\/a> have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in <a href=\"https:\/\/blogs.msdn.microsoft.com\/dotnet\/2018\/06\/18\/staying-up-to-date-with-net-container-images\/\">&#8220;Staying up-to-date with .NET Container Images&#8221;<\/a>.<\/p>\n<p><a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet\/\">microsoft\/dotnet<\/a>\n<a href=\"https:\/\/hub.docker.com\/r\/microsoft\/dotnet-samples\/\">microsoft\/dotnet-samples<\/a>\n<a href=\"https:\/\/hub.docker.com\/r\/microsoft\/aspnetcore\">microsoft\/aspnetcore<\/a><\/p>\n<h2 id=\"azure-app-services-deployment\">Azure App Services deployment<\/h2>\n<p>Update: Deployment of .NET Core 2.1.7 and 2.2.1 to Azure App Services is complete. 2.1.7 and 2.2.1 are available in all regions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the .NET Core January 2019 Update. These updates contain security and reliability fixes. .NET Core 2.1.7 and .NET Core SDK 2.1.503 ( Download | Release Notes ) .NET Core 2.2.1 and .NET Core SDK 2.2.102 ( Download | Release Notes ) Security CVE-2019-0545: .NET Core Information Disclosure Vulnerability The security update [&hellip;]<\/p>\n","protected":false},"author":354,"featured_media":21756,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685,196],"tags":[9,123,141],"class_list":["post-20835","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet","category-dotnet-core","tag-net-core","tag-security","tag-update"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the .NET Core January 2019 Update. These updates contain security and reliability fixes. .NET Core 2.1.7 and .NET Core SDK 2.1.503 ( Download | Release Notes ) .NET Core 2.2.1 and .NET Core SDK 2.2.102 ( Download | Release Notes ) Security CVE-2019-0545: .NET Core Information Disclosure Vulnerability The security update [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/20835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/354"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=20835"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/20835\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/21756"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=20835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=20835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=20835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}