The NuGet Blog

The latest news, updates, and insights from the NuGet team

NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th
AvatarMay 25, 2020May 25, 202005/25/20
Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further not
NuGet.org Security Illustration
NuGet.org will continue to support TLS 1.0 and 1.1 until further notice
AvatarApril 22, 2020Apr 22, 202004/22/20
Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 p
Deprecating TLS 1.0 and 1.1 on NuGet.org
Karan NandwaniNovember 15, 2019Nov 15, 201911/15/19
co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed support f
Deprecating packages on nuget.org
Anand GauravSeptember 30, 2019Sep 30, 201909/30/19
We are excited to announce that nuget.org now supports package deprecation. This has been a long standing ask that will help the ecosystem use supported packages. As a package publisher on nuget.org, you can now deprecate packages that are obsolete, legacy, or buggy. You can also suggest an alternate package to your deprecated package. This le
New and improved NuGet Search is here!
Karan NandwaniAugust 22, 2019Aug 22, 201908/22/19
It’s been a long time coming, and today we are excited to announce the new and improved search on NuGet.org leveraging Azure Search. We want to start this post with a huge thanks to you, the NuGet community, for providing feedback. We have aggregated all feedback around search result relevance into one mega issue. We used this as the startin
Surfacing GitHub Usage for packages on NuGet.org
AvatarJuly 17, 2019Jul 17, 201907/17/19
There are several criteria you can use today to evaluate NuGet packages. We received feedback that you would like even more information to help choose the right packages. We're excited to introduce GitHub Usage on nuget.org, which allows you to explore top GitHub repositories that depend on the package you are looking at. Why surface GitHub
NuGet Spring 2019 Roadmap
Anand GauravApril 10, 2019Apr 10, 201904/10/19
We published our last NuGet roadmap in June last year. Many of the features announced were major additions to NuGet and we have been hard at work to implement those over the last few months. In this post, we will start by summarizing the features we have completed and then peek into the next wave of work planned. Looking back Here are some f
Enable repeatable package restores using a lock file
Anand GauravDecember 17, 2018Dec 17, 201812/17/18
With PackageReference, NuGet always tries to produce the same closure of package dependencies if the input package reference list has not changed. However, there are a few scenarios where it may not be able to do so. While these cases are limited, we received multiple requests to completely lock down the full package dependency graph for proje
Lock down your dependencies using configurable trust policies
AvatarDecember 5, 2018Dec 5, 201812/5/18
For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing
Improved package debugging experience with the NuGet.org symbol server
Karan NandwaniNovember 16, 2018Nov 16, 201811/16/18
Starting today, you can publish symbol packages to the NuGet.org symbol server. With NuGet.org as a single service provider for libraries and symbols, package authors and consumers will have a streamlined publishing and consumption experience. With a single place for managing authentication and identity, you can be sure that both the package a