{"id":28878,"date":"2020-07-14T10:16:17","date_gmt":"2020-07-14T17:16:17","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet\/?p=28878"},"modified":"2020-07-14T10:28:34","modified_gmt":"2020-07-14T17:28:34","slug":"net-core-july-2020","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-july-2020\/","title":{"rendered":".NET Core July 2020 Updates \u2013 2.1.20 and 3.1.6"},"content":{"rendered":"<p>Today, we are releasing the .NET Core July 2020 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages.<\/p>\n<h2 id=\"security\">Security<\/h2>\n<div>\n<h3><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2020-1147\">CVE-2020-1147: .NET Core Remote Code Execution Vulnerability<\/a><\/h3>\n<div style=\"text-align: left;\">\n<div>\n<p class=\"rich-diff-level-zero\">Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<p class=\"rich-diff-level-zero\">Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of an XML file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.<\/p>\n<p class=\"rich-diff-level-zero\">A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an ASP.NET Core application, or other application that parses certain types of XML.<\/p>\n<p class=\"rich-diff-level-zero\">The security update addresses the vulnerability by restricting the types that are allowed to be present in the XML payload<\/p>\n<p><span style=\"color: inherit; font-family: inherit; font-size: 3rem;\">Getting the Update<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<ul>\n<li>.NET Core 3.1.6 and .NET Core SDK ( <a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/3.1\">Download<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/3.1\/3.1.6\/3.1.6.md\">Release Notes<\/a> )<\/li>\n<li>.NET Core 2.1.20 and .NET Core SDK ( <a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/2.1\">Download<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1.20\/2.1.20.md\">Release Notes<\/a> )<\/li>\n<\/ul>\n<p><span class=\"TextRun SCXW205244410 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW205244410 BCX0\">See the .NET Core release notes for details on the release, including issues fixed and affected packages.<\/span><\/span><span class=\"EOP SCXW205244410 BCX0\" data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p>\n<p>The latest .NET Core updates are available on the <a href=\"https:\/\/www.microsoft.com\/net\/download\/all\">.NET Core download page<\/a>.<\/p>\n<h2>Docker Images<\/h2>\n<p>.NET Docker images have been updated for today\u2019s release. The following repos have been updated.<\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-sdk\/\">dotnet\/core\/sdk<\/a>: .NET Core SDK<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-aspnet\/\">dotnet\/core\/aspnet<\/a>: ASP.NET Core Runtime<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-runtime\/\">dotnet\/core\/runtime<\/a>: .NET Core Runtime<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-runtime-deps\/\">dotnet\/core\/runtime-deps<\/a>: .NET Core Runtime Dependencies<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-samples\/\">dotnet\/core\/samples<\/a>: .NET Core Samples<\/li>\n<\/ul>\n<p><strong>Note:<\/strong> You must pull updated .NET Core container images to get this update, with either <code>docker pull<\/code> or <code>docker build --pull<\/code>.<\/p>\n<div>\n<div style=\"text-align: left;\">\n<div><\/div>\n<\/div>\n<div>\n<h2 aria-level=\"2\">Visual Studio<span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559740&quot;:240}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">This update will be included in a future update of Visual Studio.<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Each version of Visual studio is only supported with a given version of the\u00a0<\/span><span data-contrast=\"none\">.NET Core SDK.\u00a0<\/span><span data-contrast=\"none\">Visual Studio version information is included in the .NET Core SDK\u00a0<\/span><span data-contrast=\"none\">download page<\/span><span data-contrast=\"none\">s and release notes<\/span><span data-contrast=\"none\">.<\/span><span data-contrast=\"none\">\u00a0<\/span><span data-contrast=\"none\">If you\u00a0<\/span><span data-contrast=\"none\">are not using Visual Studio<\/span><span data-contrast=\"none\">, we recommend using the latest SDK release.<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the .NET Core July 2020 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. Security CVE-2020-1147: .NET Core Remote Code Execution Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance [&hellip;]<\/p>\n","protected":false},"author":7455,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-28878","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the .NET Core July 2020 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. Security CVE-2020-1147: .NET Core Remote Code Execution Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/28878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/7455"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=28878"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/28878\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=28878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=28878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=28878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}