{"id":8897,"date":"2017-01-30T15:43:40","date_gmt":"2017-01-30T23:43:40","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/dotnet\/?p=8897"},"modified":"2021-09-30T10:26:33","modified_gmt":"2021-09-30T17:26:33","slug":"january-2017-update-for-asp-net-core-1-1","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/january-2017-update-for-asp-net-core-1-1\/","title":{"rendered":"January 2017 Update for ASP.NET Core 1.1"},"content":{"rendered":"

We just released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983<\/a>. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service. All of the information you need is in the advisory. A short summary is provided below.<\/p>\n

Red Hat customers should consult the Red Hat advisory<\/a> for the same issue.<\/p>\n

<\/a>How to Obtain the Update<\/h2>\n

The update is in the Microsoft.AspNetCore.Mvc.Core package<\/a>. You need to upgrade your project to use version 1.1.1 (or later) of the package and then re-publish your application.<\/p>\n

See below for examples of project file updates, for project.json and csproj formats. Note the updated Microsoft.AspNetCore.Mvc.Core package\u00a0version.<\/p>\n

<\/a>Project.json<\/h3>\n

The dependencies section of an updated project.json file would look like the following (in its most minimal form).<\/p>\n

\n
\"<\/span>dependencies\"<\/span><\/span>: {\n\"<\/span>Microsoft.NETCore.App\"<\/span><\/span>: {\n    \"<\/span>version\"<\/span><\/span>: \"<\/span>1.1.0\"<\/span><\/span>,\n    \"<\/span>type\"<\/span><\/span>: \"<\/span>platform\"<\/span><\/span>\n},\n\"<\/span>Microsoft.AspNetCore\"<\/span><\/span>: \"<\/span>1.1.0\"<\/span><\/span>,\n\"<\/span>Microsoft.AspNetCore.Mvc.Core\"<\/span><\/span>: \"<\/span>1.1.1\"<\/span><\/span>,\n}<\/pre>\n<\/div>\n
<\/a>CSProj<\/h3>\n
An updated csproj file would look like the following (in its most minimal form):<\/p>\n
\n
<Project<\/span> Sdk<\/span>=\"<\/span>Microsoft.NET.Sdk.Web\"<\/span><\/span>>\n  <PropertyGroup<\/span>>\n    <TargetFramework<\/span>>netcoreapp1.1<\/TargetFramework<\/span>>\n  <\/PropertyGroup<\/span>>\n  <PropertyGroup<\/span>>\n    <PackageTargetFallback<\/span>>$(PackageTargetFallback);portable-net45+win8+wp8+wpa81;<\/PackageTargetFallback<\/span>>\n  <\/PropertyGroup<\/span>>\n  <ItemGroup<\/span>>\n    <PackageReference<\/span> Include<\/span>=\"<\/span>Microsoft.AspNetCore\"<\/span><\/span> Version<\/span>=\"<\/span>1.1.0\"<\/span><\/span> \/>\n    <PackageReference<\/span> Include<\/span>=\"<\/span>Microsoft.AspNetCore.Mvc.Core\"<\/span><\/span> Version<\/span>=\"<\/span>1.1.1\"<\/span><\/span> \/>\n  <\/ItemGroup<\/span>>\n<\/Project<\/span>><\/pre>\n<\/div>\n
<\/a>Learn more<\/h2>\n
You can ask questions on the aspnet\/mvc repo<\/a>, where a discussion issue<\/a> has been created.<\/p>\n","protected":false},"excerpt":{"rendered":"
We just released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service. All of the information you need is in the advisory. A short summary is provided below. Red Hat customers should consult the Red […]<\/p>\n","protected":false},"author":336,"featured_media":58792,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-8897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"acf":[],"blog_post_summary":"
We just released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service. All of the information you need is in the advisory. A short summary is provided below. Red Hat customers should consult the Red […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/8897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=8897"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/8897\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/58792"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=8897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=8897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=8897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}