The NuGet Blog

The latest news, updates, and insights from the NuGet team

HTTPS Everywhere Update

September 19, 2023 Sep 19, 2023 09/19/23

Jon Douglas

Mistakes were made When we first published the plan for the effort of HTTPS everywhere, we wanted to get developer community feedback on the various HTTP and HTTPS scenarios that we don't have much everyday visibility of. After we published that blog, we heard you loud and clear that there was a gap. This plan needed a clear way to suppress ...

The Microsoft author-signing certificate will be updated as soon as August 14th, 2023

August 3, 2023 Aug 3, 2023 08/3/23

The NuGet Team

Action required: If you validate that packages are author-signed by Microsoft using a NuGet client policy or the NuGet.exe verify command, please follow these steps by August 14th, 2023 to avoid potential disruptions when installing new Microsoft packages. If you are unsure, we have outlined steps to check if you will be impacted. Microsoft ...

HTTPS everywhere

August 9, 2022 Aug 9, 2022 08/9/22

Jon Douglas

Safety guaranteed As an ongoing effort to make HTTPS everywhere a reality for NuGet, we have taken a number of steps to help protect your everyday package management experiences. Earlier this year, a security fact sheet from The White House reinforced companies to take action to secure our software supply chains. HTTPS and SSL not only ...

Requiring two-factor authentication on NuGet.org

February 22, 2022 Feb 22, 2022 02/22/22

Claire Novotny

NuGet.org will begin requiring two-factor authentication for accounts starting March 8th.

.NET 5 NuGet Restore Failures on Linux distributions using NSS or ca-certificates

April 6, 2021 Apr 6, 2021 04/6/21

Jon Douglas

We will be releasing updated builds of NuGet this week to accommodate NuGet restore failures on Linux distributions. The failures are observed when updated versions of the NSS or ca-certificates packages are installed.

The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021

February 25, 2021 Feb 25, 2021 02/25/21

Christopher Gill

The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.

Happy 10th Birthday, NuGet!

January 13, 2021 Jan 13, 2021 01/13/21

Christopher Gill

NuGet 1.0 was released on January 13th, 2011 – 10 years and 4 major version releases ago. Since then, NuGet.org has grown to host a large and vibrant package ecosystem with over 230 thousand unique packages.

Getting Started With NuGet 5.8

November 13, 2020 Nov 13, 2020 11/13/20

Jon Douglas

NuGet 5.8 is one of many releases in our .NET unification journey. Our NuGet tooling helps developers discover new .NET packages to use for their .NET applications, while making package management easier during your daily development.

NuGet.org will continue to support TLS 1.0 and 1.1 until further notice

April 22, 2020 Apr 22, 2020 04/22/20

Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 ...

Deprecating TLS 1.0 and 1.1 on NuGet.org

November 15, 2019 Nov 15, 2019 11/15/19

Karan Nandwani

co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed ...

The NuGet Blog

Other announcements - The NuGet Blog