Security

Introducing Transitive Dependencies in Visual Studio

August 9, 2022 Aug 9, 2022 08/9/22

We heard from you that direct dependencies are easy to track, but that you struggle with tracking transitive dependencies. We want to make that easier for the day-to-day management of your NuGet packages in Visual Studio. To help you track transitive dependencies and remediate vulnerabilities quickly with SDK-style projects, we are ...

HTTPS everywhere

August 9, 2022 Aug 9, 2022 08/9/22

Jon Douglas

Safety guaranteed As an ongoing effort to make HTTPS everywhere a reality for NuGet, we have taken a number of steps to help protect your everyday package management experiences. Earlier this year, a security fact sheet from The White House reinforced companies to take action to secure our software supply chains. HTTPS and SSL not only ...

Requiring two-factor authentication on NuGet.org

February 22, 2022 Feb 22, 2022 02/22/22

Claire Novotny

NuGet.org will begin requiring two-factor authentication for accounts starting March 8th.

Introducing Package Source Mapping

September 15, 2021 Sep 15, 2021 09/15/21

Nikolche Kolev

We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.

.NET 5 NuGet Restore Failures on Linux distributions using NSS or ca-certificates

April 6, 2021 Apr 6, 2021 04/6/21

Jon Douglas

We will be releasing updated builds of NuGet this week to accommodate NuGet restore failures on Linux distributions. The failures are observed when updated versions of the NSS or ca-certificates packages are installed.

How to Scan NuGet Packages for Security Vulnerabilities

March 2, 2021 Mar 2, 2021 03/2/21

Drew Gillies

Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.

The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021

February 25, 2021 Feb 25, 2021 02/25/21

Christopher Gill

The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.

The Microsoft author signing certificate will be updated as soon as November 1st, 2020

October 22, 2020 Oct 22, 2020 10/22/20

Christopher Gill

The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.

NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th

May 25, 2020 May 25, 2020 05/25/20

Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further ...

NuGet.org will continue to support TLS 1.0 and 1.1 until further notice

April 22, 2020 Apr 22, 2020 04/22/20

Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 ...

The NuGet Blog

Security - The NuGet Blog

Introducing Transitive Dependencies in Visual Studio

HTTPS everywhere

Requiring two-factor authentication on NuGet.org

Introducing Package Source Mapping

.NET 5 NuGet Restore Failures on Linux distributions using NSS or ca-certificates

How to Scan NuGet Packages for Security Vulnerabilities

The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021

The Microsoft author signing certificate will be updated as soon as November 1st, 2020

NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th

NuGet.org will continue to support TLS 1.0 and 1.1 until further notice