{"id":2886,"date":"2023-11-20T17:04:53","date_gmt":"2023-11-21T01:04:53","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet\/?p=2886"},"modified":"2023-11-20T17:04:53","modified_gmt":"2023-11-21T01:04:53","slug":"announcing-nuget-exe-and-nuget-client-sdk-packages-support-policy-keeping-you-informed-and-secure","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/announcing-nuget-exe-and-nuget-client-sdk-packages-support-policy-keeping-you-informed-and-secure\/","title":{"rendered":"Announcing NuGet.exe and NuGet Client SDK Packages Support Policy: Keeping You Informed and Secure"},"content":{"rendered":"<p>At NuGet, our commitment is to ensure that our users have access to the latest, most secure, and well-maintained versions of our tools and packages. With this in mind, we would like to announce the NuGet Support Policy, a set of guidelines designed to keep you informed about the status of NuGet.exe and <a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages on nuget.org.<\/p>\n<h2><strong>Why We&#8217;re Introducing This Policy<\/strong><\/h2>\n<p>We firmly believe that transparency and security are of utmost importance in software development. Here&#8217;s why we&#8217;re implementing this policy:<\/p>\n<ul>\n<li>\n<p><strong>Raising Vulnerability Awareness<\/strong>: Data reveals that a significant percentage of downloaded NuGet.exe versions are either vulnerable or no longer supported. We want you to understand the risks associated with using such versions.<\/p>\n<\/li>\n<li>\n<p><strong>Enhancing Package Maintenance<\/strong>: While many <a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages offer multiple versions, not all of them are actively maintained. We want to ensure that you can make informed decisions about your package dependencies.<\/p>\n<\/li>\n<\/ul>\n<h2><strong>What You Can Expect<\/strong><\/h2>\n<p>NuGet Client tools are distributed through the following vehicles. The support for NuGet tooling in Visual Studio and the .NET SDK aligns with the support policies of those distributions. We want to ensure the community is aware of the support policy for other distribution vehicles, such as NuGet.exe and <a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"left\">NuGet Distribution Vehicle<\/th>\n<th align=\"left\">Support Policy<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"left\">Visual Studio for Windows<\/td>\n<td align=\"left\"><a href=\"https:\/\/learn.microsoft.com\/visualstudio\/productinfo\/vs-servicing\">Visual Studio Product Lifecycle and Servicing<\/a><\/td>\n<\/tr>\n<tr>\n<td align=\"left\">.NET SDK<\/td>\n<td align=\"left\"><a href=\"https:\/\/dotnet.microsoft.com\/platform\/support\/policy\/dotnet-core\">.NET and .NET Core Support Policy<\/a><\/td>\n<\/tr>\n<tr>\n<td align=\"left\"><a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages<\/td>\n<td align=\"left\">Microsoft <a href=\"https:\/\/learn.microsoft.com\/lifecycle\/policies\/modern\">Modern Lifecycle Policy<\/a>. Publishing soon to <a href=\"https:\/\/learn.microsoft.com\/nuget\/\">NuGet docs<\/a>.<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">NuGet.exe<\/td>\n<td align=\"left\">Microsoft <a href=\"https:\/\/learn.microsoft.com\/lifecycle\/policies\/modern\">Modern Lifecycle Policy<\/a>. Publishing soon to <a href=\"https:\/\/learn.microsoft.com\/nuget\/\">NuGet docs<\/a>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The current versions of both NuGet.exe and the <a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages will be supported. Here&#8217;s what you can expect in the future:<\/p>\n<h3><strong>Full Support for Current Version<\/strong><\/h3>\n<p>We are fully committed to supporting the most recent version of NuGet.exe and <a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages. This means you can rely on us for bug fixes, updates, and enhancements exclusive to the version currently under development.<\/p>\n<h3><strong>Security Patch Releases<\/strong><\/h3>\n<p>We will release patched versions of NuGet.exe and <a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages exclusively when critical security fixes are required for a long-term support (LTS) version of Visual Studio or .NET SDK.<\/p>\n<h3><strong>NuGet.exe unlisting<\/strong><\/h3>\n<p>We will begin to remove links to deprecated and vulnerable versions of NuGet.exe from <a href=\"https:\/\/learn.microsoft.com\/nuget\/api\/tools-json\">tool.json<\/a> by March 31st, 2024.<\/p>\n<h3><strong>Package Deprecation<\/strong><\/h3>\n<p>We will deprecate older versions of <a href=\"https:\/\/learn.microsoft.com\/nuget\/reference\/nuget-client-sdk\">NuGet Client SDK<\/a> packages that are not tied to an LTS version of either Visual Studio or .NET by January 31, 2024. We will follow <a href=\"https:\/\/learn.microsoft.com\/nuget\/nuget-org\/deprecate-packages\">Deprecating packages guidance on nuget.org<\/a> to ensure a seamless transition.<\/p>\n<p>Going forward, our approach will probably align with the <a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/217\">.NET Package Maintenance (deprecation)<\/a> guidance.<\/p>\n<h2><strong>Our Unwavering Commitment<\/strong><\/h2>\n<p>Our team is dedicated to providing you with the finest NuGet experience possible. The NuGet Support Policy is our way of ensuring you have the information and tools needed to make informed decisions regarding your NuGet dependencies.<\/p>\n<p>Here are steps you can take to leverage the NuGet Support Policy effectively:<\/p>\n<ul>\n<li>Use the latest versions of NuGet.exe &amp; NuGet Client SDK packages.<\/li>\n<li>Note that we will release patches for these distribution vehicles when critical security fixes are required for an LTS version of either Visual Studio or the .NET SDK.<\/li>\n<li>Watch for unlisted NuGet.exe versions in <a href=\"https:\/\/learn.microsoft.com\/nuget\/api\/tools-json\">tool.json<\/a><\/li>\n<li>Examine your project for dependencies on deprecated NuGet Client SDK packages.<\/li>\n<\/ul>\n<p>We extend our gratitude for being a part of our community and for entrusting NuGet as a pivotal component of your development process.<\/p>\n<p>Should you have any questions or feedback concerning the NuGet Support Policy, please don&#8217;t hesitate to <a href=\"https:\/\/github.com\/nuget\/home\/issues\">reach out<\/a> to us. Your input is invaluable as we continually enhance our platform.<\/p>\n<p>Stay secure and enjoy coding!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At NuGet, our commitment is to ensure that our users have access to the latest, most secure, and well-maintained versions of our tools and packages. With this in mind, we would like to announce the NuGet Support Policy, a set of guidelines designed to keep you informed about the status of NuGet.exe and NuGet Client [&hellip;]<\/p>\n","protected":false},"author":15535,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[7874],"tags":[8012,8013,8014],"class_list":["post-2886","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nuget","tag-nuget-client-sdk","tag-nuget-exe","tag-support-policy"],"acf":[],"blog_post_summary":"<p>At NuGet, our commitment is to ensure that our users have access to the latest, most secure, and well-maintained versions of our tools and packages. With this in mind, we would like to announce the NuGet Support Policy, a set of guidelines designed to keep you informed about the status of NuGet.exe and NuGet Client [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/2886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/15535"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=2886"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/2886\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=2886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=2886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=2886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}