Skip to main content
Microsoft
NuGet
NuGet
  • Home
  • DevBlogs
    • Visual Studio
    • Visual Studio Code
    • Visual Studio for Mac
    • DevOps
    • Developer support
    • CSE Developer
    • Engineering@Microsoft
    • Azure SDK
    • IoT
    • Command Line
    • Perf and Diagnostics
    • Dr. International
    • Notification Hubs
    • Math in Office
    • DirectX
    • PIX
    • SurfaceDuo
    • Startups
    • Sustainable Engineering
    • Windows AI Platform
    • C++
    • C#
    • F#
    • Visual Basic
    • TypeScript
    • PowerShell Community
    • PowerShell Team
    • Python
    • Q#
    • JavaScript
    • Java
    • Java Blog in Chinese
    • .NET
    • .NET MAUI
    • Blazor
    • ASP.NET
    • NuGet
    • Xamarin
    • #ifdef Windows
    • Apps for Windows
    • Azure Depth Platform
    • Azure Government
    • Bing Dev Center
    • Microsoft Edge Dev
    • Microsoft Azure
    • Microsoft 365 Developer
    • Old New Thing
    • Windows MIDI and Music dev
    • Windows Search Platform
    • Azure Cosmos DB
    • Azure Data Studio
    • Azure SQL
    • OData
    • Revolutions R
    • SQL Server Data Tools

    The NuGet Blog

    The latest news, updates, and insights from the NuGet team

    Security - The NuGet Blog

    Introducing Package Source Mapping
    Introducing Package Source Mapping
    Nikolche Kolev September 15, 2021 Sep 15, 2021 09/15/21
    We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.
    4Feature AnnouncementNuGetSecurity
    .NET 5 NuGet Restore Failures on Linux distributions using NSS or ca-certificates
    .NET 5 NuGet Restore Failures on Linux distributions using NSS or ca-certificates
    Jon Douglas April 6, 2021 Apr 6, 2021 04/6/21
    We will be releasing updated builds of NuGet this week to accommodate NuGet restore failures on Linux distributions. The failures are observed when updated versions of the NSS or ca-certificates packages are installed.
    Comments are closed.0NuGetIncidentOther announcements
    How to Scan NuGet Packages for Security Vulnerabilities
    How to Scan NuGet Packages for Security Vulnerabilities
    Drew Gillies March 2, 2021 Mar 2, 2021 03/2/21
    Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.
    27NuGetFeature AnnouncementNuGet.org
    The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021
    The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021
    Christopher Gill February 25, 2021 Feb 25, 2021 02/25/21
    The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.
    1NuGetNuGet.orgOther announcements
    The Microsoft author signing certificate will be updated as soon as November 1st, 2020
    The Microsoft author signing certificate will be updated as soon as November 1st, 2020
    Christopher Gill October 22, 2020 Oct 22, 2020 10/22/20
    The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.
    Comments are closed.0NuGetNuGet.orgSecurity
    NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th
    NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th
    Christopher Gill May 25, 2020 May 25, 2020 05/25/20
    Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further ...
    Comments are closed.0NuGet.orgSecurity
    NuGet.org will continue to support TLS 1.0 and 1.1 until further notice
    NuGet.org will continue to support TLS 1.0 and 1.1 until further notice
    Christopher Gill April 22, 2020 Apr 22, 2020 04/22/20
    Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 ...
    Comments are closed.0NuGet.orgOther announcementsSecurity
    Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1
    Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1
    The NuGet Team February 12, 2020 Feb 12, 2020 02/12/20
    In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.
    Comments are closed.0NuGetNuGet.orgSecurity
    Deprecating TLS 1.0 and 1.1 on NuGet.org
    Deprecating TLS 1.0 and 1.1 on NuGet.org
    Karan Nandwani November 15, 2019 Nov 15, 2019 11/15/19
    co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed ...
    Comments are closed.0NuGet.orgOther announcementsSecurity
    Lock down your dependencies using configurable trust policies
    Lock down your dependencies using configurable trust policies
    Rido December 5, 2018 Dec 5, 2018 12/5/18
    For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing...
    Comments are closed.0Security
    • Page 1
    • Page 2
    • Next page
    Relevant Links

    NuGet.org

    NuGet documentation

    Release Notes

    Announcements

    Report a client bug

    Report a NuGet.org bug

    Topics
  • NuGet.org
  • Release announcement
  • Feature Announcement
  • Visual Studio
  • Security
  • Other announcements
  • NuGet
  • Incident
  • Roadmap
  • Insights
  • Debugging
  • Deprecation
    • Archive
  • November 2021
  • September 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • August 2020
  • May 2020
  • April 2020
  • February 2020
  • November 2019
  • September 2019
  • August 2019
  • July 2019
  • April 2019
  • December 2018
  • November 2018
  • August 2018
  • July 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • September 2017
  • August 2017
  • July 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • March 2015
  • February 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • December 2012
  • October 2012
  • September 2012
  • August 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012

    • Stay informed

    Login
    Code Block
    What's new
    • Surface Pro 8
    • Surface Laptop Studio
    • Surface Pro X
    • Surface Go 3
    • Surface Duo 2
    • Surface Pro 7+
    • Windows 11 apps
    • HoloLens 2
    Microsoft Store
    • Account profile
    • Download Center
    • Microsoft Store support
    • Returns
    • Order tracking
    • Virtual workshops and training
    • Microsoft Store Promise
    • Flexible Payments
    Education
    • Microsoft in education
    • Office for students
    • Office 365 for schools
    • Deals for students & parents
    • Microsoft Azure in education
    Enterprise
    • Azure
    • AppSource
    • Automotive
    • Government
    • Healthcare
    • Manufacturing
    • Financial services
    • Retail
    Developer
    • Microsoft Visual Studio
    • Windows Dev Center
    • Developer Center
    • Microsoft developer program
    • Channel 9
    • Microsoft 365 Dev Center
    • Microsoft 365 Developer Program
    • Microsoft Garage
    Company
    • Careers
    • About Microsoft
    • Company news
    • Privacy at Microsoft
    • Investors
    • Diversity and inclusion
    • Accessibility
    • Security
    English (United States)
    • Sitemap
    • Contact Microsoft
    • Privacy
    • Manage cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2022