The latest news, updates, and insights from the NuGet team
February 27, 2018Feb 27, 201802/27/18As announced in our NuGet Fall 2017 Roadmap blog post, we are transitioning away from NuGet.org’s home-grown authentication mechanism which will eventually allow us to add support for additional security systems such as two-factor authentication (2-FA). In preparation for this transition,
February 1, 2018Feb 1, 201802/1/18In December 2017, we changed the NuGet.org backend publishing pipeline to introduce a set of validation steps for submitted packages. Our goal is to maintain the same level of experience in terms of the time and effort it would take to publish a package and have it available for download.
September 7, 2017Sep 7, 201709/7/17NuGet.org, the package manager for .NET, was purpose-built as a global service with high scale performance regardless of the developer’s location. We are finding that this is not always the case, particularly for developers accessing the service from China, which is the second largest region for .NET developers.
July 18, 2017Jul 18, 201707/18/17It’s been a long time coming, and today we are excited to announce some big changes coming to NuGet.org. With almost 3 million monthly page views, NuGet.org is the gateway for .NET developers to find packages that accelerate their projects. However,
April 17, 2017Apr 17, 201704/17/17Update on 10/16/2017: Package ID Prefix Reservation is now live. The documentation can be found here.
We want to start this post with a huge thanks to you, the NuGet community. Over the last several months we have been talking to many of you to get feedback on NuGet package identity and trust.
February 2, 2017Feb 2, 201702/2/17Update 2/14 (05:00 PM PST): This feature is now live! Login to your nuget account and expand the API Keys section to see the new experience.
Since last year, we have been working on several fronts to advance NuGet as a secure environment for package distribution.
January 19, 2017Jan 19, 201701/19/17At NuGet, we are constantly improving our security. One of the steps we are taking is to move our HTTPS end points to meet industry standards for algorithms and protocols. This means that connecting to nuget.org services from machines that don’t support modern cipher algorithms will no longer be supported (such as TLS 1.0 support in Windows XP).
August 25, 2016Aug 25, 201608/25/16In June, we published a blog post announcing Expiring API Keys. We received a lot of great feedback from the community about it. In retrospect, we did not do a great job explaining the motivation and reasoning for this security measure to the community.
June 22, 2016Jun 22, 201606/22/16Update 6/22 (2:15 P.M PST): We have a lot of feedback coming in from the community on this topic. This change will not have any impact for another 90 days at the minimum. We are reviewing your feedback and will discuss further how to achieve our goal of improved security of NuGet.org.
February 16, 2016Feb 16, 201602/16/16One of the less visible changes since we released NuGet 3.0 is that NuGet uses a new server “API v3”. This new API is designed around high availability for critical scenarios such as package restore and installing packages. API v3 will be the way forward for NuGet while keeping “API v2”
