The NuGet Blog

The latest news, updates, and insights from the NuGet team

HTTPS Everywhere Update

September 19, 2023 Sep 19, 2023 09/19/23

Jon Douglas

Mistakes were made When we first published the plan for the effort of HTTPS everywhere, we wanted to get developer community feedback on the various HTTP and HTTPS scenarios that we don't have much everyday visibility of. After we published that blog, we heard you loud and clear that there was a gap. This plan needed a clear way to suppress ...

Introducing Transitive Dependencies in Visual Studio

August 9, 2022 Aug 9, 2022 08/9/22

Jon Douglas, Jean-Pierre Briedé

We heard from you that direct dependencies are easy to track, but that you struggle with tracking transitive dependencies. We want to make that easier for the day-to-day management of your NuGet packages in Visual Studio. To help you track transitive dependencies and remediate vulnerabilities quickly with SDK-style projects, we are ...

HTTPS everywhere

August 9, 2022 Aug 9, 2022 08/9/22

Jon Douglas

Safety guaranteed As an ongoing effort to make HTTPS everywhere a reality for NuGet, we have taken a number of steps to help protect your everyday package management experiences. Earlier this year, a security fact sheet from The White House reinforced companies to take action to secure our software supply chains. HTTPS and SSL not only ...

Requiring two-factor authentication on NuGet.org

February 22, 2022 Feb 22, 2022 02/22/22

Claire Novotny

NuGet.org will begin requiring two-factor authentication for accounts starting March 8th.

Introducing Package Source Mapping

September 15, 2021 Sep 15, 2021 09/15/21

Nikolche Kolev

We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.

.NET 5 NuGet Restore Failures on Linux distributions using NSS or ca-certificates

April 6, 2021 Apr 6, 2021 04/6/21

Jon Douglas

We will be releasing updated builds of NuGet this week to accommodate NuGet restore failures on Linux distributions. The failures are observed when updated versions of the NSS or ca-certificates packages are installed.

How to Scan NuGet Packages for Security Vulnerabilities

March 2, 2021 Mar 2, 2021 03/2/21

Drew Gillies

Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.

The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021

February 25, 2021 Feb 25, 2021 02/25/21

Christopher Gill

The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.

The Microsoft author signing certificate will be updated as soon as November 1st, 2020

October 22, 2020 Oct 22, 2020 10/22/20

Christopher Gill

The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.

NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th

May 25, 2020 May 25, 2020 05/25/20

Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further ...

The NuGet Blog

Security - The NuGet Blog