Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.
Recently, our team launched our first quarterly user survey for NuGet.org. With over 500 responses, we wanted to spend some time to share with you what we've learned in these last few months.
The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.
NuGet 1.0 was released on January 13th, 2011 – 10 years and 4 major version releases ago. Since then, NuGet.org has grown to host a large and vibrant package ecosystem with over 230 thousand unique packages.
We announced the deprecation of custom V2 OData queries (#37) last year and conducted a dry run in early November to ensure that there are no surprises for users. Going forward, we plan to bring all new features and improvements only to the newer V3 APIs. As part of this strategy, we will begin blocking select endpoints used by 3rd party clients on...
The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.
We're excited to announce that you can now view dependent packages in the new Used By section on NuGet.org, yet another major improvement to the package evaluation experience!
We are excited to announce that NuGet.org now supports one of our top customer asks - advanced search! You can now use a multitude of sorting and filtering criteria to help find the best NuGet packages for your needs!
Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further notice.
...