Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In this post, we will go into more details and a specific timeline for Stage 1 i.e.
Post by this author
co-authored by Scott Bommarito
At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST.
It’s been a long time coming, and today we are excited to announce the new and improved search on NuGet.org leveraging Azure Search. We want to start this post with a huge thanks to you, the NuGet community, for providing feedback.
Starting today, you can publish symbol packages to the NuGet.org symbol server. With NuGet.org as a single service provider for libraries and symbols, package authors and consumers will have a streamlined publishing and consumption experience. With a single place for managing authentication and identity,
We are excited to welcome SymbolSource.org to the .NET Foundation! SymbolSource has been providing a valuable service to the .NET Community for years with the ability to host Symbols for public NuGet packages on SymbolSource. With recent progress made in several areas,
Last year, we introduced the option to make PackageReference the default package management format for managing NuGet dependencies when installing the first NuGet package for a newly created projects. With Visual Studio Version 15.7 Preview 3, we have introduced the capability to migrate existing projects that use the packages.config format to use PackageReference instead.
NuGet.org, the package manager for .NET, was purpose-built as a global service with high scale performance regardless of the developer’s location. We are finding that this is not always the case, particularly for developers accessing the service from China, which is the second largest region for .NET developers.
In the past, NuGet packages were managed in two different ways – packages.config and project.json – each with their own sets of advantages and limitations. With Visual Studio 2017 and .NET Core, we have improved the NuGet package management experience by introducing the PackageReference feature in MSBuild.
At NuGet, we are constantly improving our security. One of the steps we are taking is to move our HTTPS end points to meet industry standards for algorithms and protocols. This means that connecting to nuget.org services from machines that don’t support modern cipher algorithms will no longer be supported (such as TLS 1.0 support in Windows XP).
In late 2016, we started on the journey of improving the docs experience for NuGet with the revamped docs experience. Continuing that journey, today we are announcing the move to docs.microsoft.com/nuget. Given how NuGet has grown to become an integral part of the Visual Studio and .NET ecosystems,