{"id":33727,"date":"2021-08-10T15:12:57","date_gmt":"2021-08-10T22:12:57","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet\/?p=33727"},"modified":"2021-08-19T16:22:42","modified_gmt":"2021-08-19T23:22:42","slug":"net-august-2021","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/net-august-2021\/","title":{"rendered":".NET August 2021 Updates \u2013 5.0.9, 3.1.18, 2.1.30"},"content":{"rendered":"<p>Today, we are releasing the <a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/193\">.NET August 2021 Updates<\/a>. These updates contains reliability and other improvements. See the individual release notes for details on updated packages.<\/p>\n<p class=\"\">You can download <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/5.0\">5.0.9<\/a>\u00a0,<a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet-core\/3.1\"> 3.1.18<\/a>, <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/2.1\">2.1.30<\/a>\u00a0versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.<\/p>\n<ul>\n<li>Installers and binaries: <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/5.0\">5.0.9<\/a>\u00a0| <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet-core\/3.1\">3.1.18<\/a>\u00a0| <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet-core\/2.1\">2.1.30<\/a><\/li>\n<li class=\"\">Release notes: <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/5.0\/5.0.9\/5.0.9.md\">5.0.9<\/a>\u00a0| <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/3.1\/3.1.18\/3.1.18.md\">3.1.18<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1.30\/2.1.30.md\">2.1.30<\/a><\/li>\n<li class=\"\"><a href=\"https:\/\/hub.docker.com\/_\/microsoft-dotnet\">Container images<\/a><\/li>\n<li class=\"\">Linux packages: <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/5.0\/install-linux.md\">5.0.9<\/a>\u00a0| <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/3.1\/install-linux.md\">3.1.18<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1.30\/2.1.30-install-instructions.md\">2.1.30<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/dotnet\/core\/issues\/6553\" target=\"_blank\" rel=\"noopener noreferrer\">Release feedback\/issues<\/a><\/li>\n<li class=\"\">Known issues: <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/5.0\/5.0-known-issues.md\">5.0<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/3.1\/3.1-known-issues.md\">3.1<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1-known-issues.md\">2.1<\/a><\/li>\n<\/ul>\n<div>\n<div style=\"text-align: left;\">\n<h4>Update:<\/h4>\n<div>\n<p>The .NET Core 2.1.29 August update did not include the correct fix for <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/vulnerability\/CVE-2021-34532\">CVE-2021-34532<\/a>. To resolve this, we are re-releasing the August security update for .NET Core 2.1 as 2.1.30. If you have installed .NET Core 2.1.29 previously you need to install the .NET Core 2.1.30 update in order to be fully protected.<\/p>\n<p>_Note: .NET Core 3.1 and .NET 5.0 August updates are not affected and therefore not being re-released._<\/p>\n<\/div>\n<div><\/div>\n<div><span style=\"color: inherit; font-family: inherit; font-size: 3rem;\">Improvements<\/span><\/div>\n<\/div>\n<\/div>\n<div>\n<ul>\n<li>CoreFx: <a href=\"https:\/\/github.com\/dotnet\/corefx\/pulls?q=milestone%3A3.1.18+is%3Aclosed+label%3Aservicing-approved\">3.1.18<\/a><\/li>\n<li>Runtime : <a href=\"https:\/\/github.com\/dotnet\/runtime\/issues?q=milestone%3A5.0.9+is%3Aclosed+label%3Aservicing-approved\">5.0.9<\/a><\/li>\n<li>Winforms: <a href=\"https:\/\/github.com\/dotnet\/winforms\/issues?q=milestone%3A5.0.8+is%3Aclosed+label%3Aservicing-approved\">5.0.9<\/a> | <a href=\"https:\/\/github.com\/dotnet\/winforms\/issues?q=milestone%3A3.1.18+is%3Aclosed+label%3Aservicing-approved\">3.1.18<\/a><\/li>\n<\/ul>\n<\/div>\n<h2 id=\"security\">Security<\/h2>\n<div>\n<h3><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2021-34485\">CVE-2021-34485: .NET Core Information Disclosure Vulnerability<\/a><\/h3>\n<\/div>\n<div style=\"text-align: left;\">Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core and ASP.NET 5. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/div>\n<div style=\"text-align: left;\"><\/div>\n<div style=\"text-align: left;\">\n<div>\n<div>An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps<\/div>\n<div>and dumps on demand are created with global read permissions on Linux and macOS.<\/div>\n<\/div>\n<\/div>\n<div style=\"text-align: left;\"><\/div>\n<div>\n<div>\n<h3><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2021-26423\">CVE-2021-26423: .NET Core Denial of Service Vulnerability<\/a><\/h3>\n<\/div>\n<div style=\"text-align: left;\">Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core and ASP.NET 5. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/div>\n<div style=\"text-align: left;\"><\/div>\n<div>\n<div>\n<div style=\"text-align: left;\">A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where\u00a0.NET\u00a0(Core)\u00a0server\u00a0applications\u00a0providing\u00a0WebSocket\u00a0endpoints\u00a0could\u00a0be\u00a0tricked<\/div>\n<div style=\"text-align: left;\">into\u00a0endlessly\u00a0looping\u00a0while\u00a0trying\u00a0to\u00a0read\u00a0a\u00a0single\u00a0WebSocket\u00a0frame.<\/div>\n<\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<div>\n<div>\n<h3><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2021-34532\">CVE-2021-34532: ASP.NET Core Information Disclosure Vulnerability<\/a><\/h3>\n<\/div>\n<div style=\"text-align: left;\">Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core and ASP.NET 5. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/div>\n<div style=\"text-align: left;\"><\/div>\n<div>\n<div>\n<div style=\"text-align: left;\">An\u00a0information\u00a0disclosure\u00a0vulnerability\u00a0exists\u00a0in\u00a0.NET\u00a05.0,\u00a0.NET\u00a0Core\u00a03.1\u00a0and\u00a0.NET\u00a0Core\u00a02.1<\/div>\n<div style=\"text-align: left;\">where\u00a0an\u00a0JWT\u00a0token\u00a0is\u00a0logged\u00a0if\u00a0it\u00a0cannot\u00a0be\u00a0parsed.<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h2 aria-level=\"2\">Visual Studio<\/h2>\n<p>See release notes for Visual Studio compatibility for <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/2.1\/2.1.29\/2.1.29.md#visual-studio-compatibility\">.NET Core 2.1<\/a>\u00a0 <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/3.1\/3.1.18\/3.1.18.md#visual-studio-compatibility\">.NET Core 3.1<\/a> and <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/release-notes\/5.0\/5.0.9\/5.0.9.md#visual-studio-compatibility\">.NET 5.0<\/a>.<\/p>\n<\/div>\n<h2><a href=\"https:\/\/devblogs.microsoft.com\/dotnet\/net-core-2-1-will-reach-end-of-support-on-august-21-2021\/\">.NET Core 2.1 End of life<\/a><\/h2>\n<div>\n<p>As a reminder and identified in the <a href=\"https:\/\/dotnet.microsoft.com\/platform\/support\/policy\/dotnet-core\">.NET Core and .NET 5 Support Policy<\/a>, at the end of this month (August 2021), .NET Core 2.1 runtime will be out of support and after this time we will no longer be providing fixes, updates, or online technical assistance for this version. For those customers who are using the ASP.NET Core 2.1 packages on .NET Framework, this continues to be a supported scenario, as you are running on the .NET Framework runtime and not .NET Core 2.1. For development using this scenario going forward, however, you will need to be using the latest .NET SDK and Visual Studio. As a reminder, the list of Packages that are covered by this scenario are available here: <a href=\"https:\/\/dotnet.microsoft.com\/platform\/support\/policy\/aspnetcore-2.1\">ASP.NET Core 2.1 Supported Packages<\/a> and apply only to running on the .NET Framework.<\/p>\n<\/div>\n<div>The .<a href=\"https:\/\/github.com\/dotnet\/core\/blob\/master\/releases.md\">NET Releases<\/a>\u00a0page is the best place to look for release lifecycle information. Knowing key dates helps you make informed decisions about when to upgrade or make other changes to your software and computing environment.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are releasing the .NET August 2021 Updates. These updates contains reliability and other improvements. See the individual release notes for details on updated packages. You can download 5.0.9\u00a0, 3.1.18, 2.1.30\u00a0versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64. Installers and binaries: 5.0.9\u00a0| 3.1.18\u00a0| 2.1.30 Release notes: 5.0.9\u00a0| 3.1.18 | 2.1.30 [&hellip;]<\/p>\n","protected":false},"author":7455,"featured_media":21638,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-33727","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"<p>Today, we are releasing the .NET August 2021 Updates. These updates contains reliability and other improvements. See the individual release notes for details on updated packages. You can download 5.0.9\u00a0, 3.1.18, 2.1.30\u00a0versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64. Installers and binaries: 5.0.9\u00a0| 3.1.18\u00a0| 2.1.30 Release notes: 5.0.9\u00a0| 3.1.18 | 2.1.30 [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/33727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/7455"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=33727"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/33727\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/21638"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=33727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=33727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=33727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}