{"id":29759,"date":"2020-09-08T10:37:06","date_gmt":"2020-09-08T17:37:06","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet\/?p=29759"},"modified":"2020-09-08T10:37:06","modified_gmt":"2020-09-08T17:37:06","slug":"net-core-september-2020","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-september-2020\/","title":{"rendered":".NET Core September 2020 Updates \u2013 2.1.22 and 3.1.8"},"content":{"rendered":"<p>Today, we are releasing the .NET Core September 2020 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages.<\/p>\n<h2 id=\"security\">Security<\/h2>\n<div>\n<h3><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2020-1045\">CVE-2020-1045: ASP.NET Core Security Feature Bypass Vulnerability<\/a><\/h3>\n<div style=\"text-align: left;\">\n<div>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<div>\n<div>A\u00a0security\u00a0feature\u00a0bypass\u00a0vulnerability\u00a0exists\u00a0in\u00a0the\u00a0way\u00a0Microsoft\u00a0ASP.NET\u00a0Core\u00a0parses\u00a0encoded\u00a0cookie\u00a0names.<\/div>\n<\/div>\n<div>\n<div>The\u00a0ASP.NET\u00a0Core\u00a0cookie\u00a0parser\u00a0decodes\u00a0entire\u00a0cookie\u00a0strings\u00a0which\u00a0could\u00a0allow\u00a0a\u00a0malicious\u00a0attacker\u00a0to\u00a0set\u00a0a\u00a0second\u00a0cookie\u00a0with\u00a0the\u00a0name\u00a0being\u00a0percent\u00a0encoded.<\/div>\n<div><\/div>\n<\/div>\n<div>\n<div>The\u00a0security\u00a0update\u00a0addresses\u00a0the\u00a0vulnerability\u00a0by\u00a0fixing\u00a0the\u00a0way\u00a0the\u00a0ASP.NET\u00a0Core\u00a0cookie\u00a0parser\u00a0handles\u00a0encoded\u00a0names.<\/div>\n<\/div>\n<\/div>\n<p><span style=\"color: inherit; font-family: inherit; font-size: 3rem;\">Getting the Update<\/span><\/p>\n<\/div>\n<\/div>\n<ul>\n<li>.NET Core 3.1.8 and .NET Core SDK ( <a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/3.1\">Download<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/3.1\/3.1.8\/3.1.8.md\">Release Notes<\/a> )<\/li>\n<li>.NET Core 2.1.22 and .NET Core SDK ( <a href=\"https:\/\/www.microsoft.com\/net\/download\/dotnet-core\/2.1\">Download<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1.22\/2.1.22.md\">Release Notes<\/a> )<\/li>\n<\/ul>\n<p><span class=\"TextRun SCXW205244410 BCX0\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW205244410 BCX0\">See the .NET Core release notes for details on the release, including issues fixed and affected packages.<\/span><\/span><span class=\"EOP SCXW205244410 BCX0\" data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p>\n<p>The latest .NET Core updates are available on the <a href=\"https:\/\/www.microsoft.com\/net\/download\/all\">.NET Core download page<\/a>.<\/p>\n<h2>Docker Images<\/h2>\n<p>.NET Docker images have been updated for today\u2019s release. The following repos have been updated.<\/p>\n<ul>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-sdk\/\">dotnet\/core\/sdk<\/a>: .NET Core SDK<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-aspnet\/\">dotnet\/core\/aspnet<\/a>: ASP.NET Core Runtime<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-runtime\/\">dotnet\/core\/runtime<\/a>: .NET Core Runtime<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-runtime-deps\/\">dotnet\/core\/runtime-deps<\/a>: .NET Core Runtime Dependencies<\/li>\n<li><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet-core-samples\/\">dotnet\/core\/samples<\/a>: .NET Core Samples<\/li>\n<\/ul>\n<p><strong>Note:<\/strong> You must pull updated .NET Core container images to get this update, with either <code>docker pull<\/code> or <code>docker build --pull<\/code>.<\/p>\n<div>\n<div>\n<h2 aria-level=\"2\">Visual Studio<\/h2>\n<p><span data-contrast=\"none\">This update will be included in a future update of Visual Studio.<\/span><\/p>\n<p><span data-contrast=\"none\">Each version of Visual studio is only supported with a given version of the\u00a0<\/span><span data-contrast=\"none\">.NET Core SDK.\u00a0<\/span><span data-contrast=\"none\">Visual Studio version information is included in the .NET Core SDK\u00a0<\/span><span data-contrast=\"none\">download page<\/span><span data-contrast=\"none\">s and release notes<\/span><span data-contrast=\"none\">.<\/span><span data-contrast=\"none\">If you\u00a0<\/span><span data-contrast=\"none\">are not using Visual Studio<\/span><span data-contrast=\"none\">, we recommend using the latest SDK release.<\/span><\/p>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the .NET Core September 2020 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. Security CVE-2020-1045: ASP.NET Core Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance [&hellip;]<\/p>\n","protected":false},"author":7455,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-29759","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the .NET Core September 2020 Update. These updates contain security and reliability fixes. See the individual release notes for details on updated packages. Security CVE-2020-1045: ASP.NET Core Security Feature Bypass Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/29759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/7455"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=29759"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/29759\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=29759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=29759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=29759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}