The NuGet Blog

The latest news, updates, and insights from the NuGet team

NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th
NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th
May 25, 2020 May 25, 2020 05/25/20
Christopher Gill
Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further ...
NuGet.org will continue to support TLS 1.0 and 1.1 until further notice
NuGet.org will continue to support TLS 1.0 and 1.1 until further notice
April 22, 2020 Apr 22, 2020 04/22/20
Christopher Gill
Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 ...
Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1
Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1
February 12, 2020 Feb 12, 2020 02/12/20
The NuGet Team
In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.
Deprecating TLS 1.0 and 1.1 on NuGet.org
Deprecating TLS 1.0 and 1.1 on NuGet.org
November 15, 2019 Nov 15, 2019 11/15/19
Karan Nandwani
co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed ...
Deprecating packages on nuget.org
Deprecating packages on nuget.org
September 30, 2019 Sep 30, 2019 09/30/19
Anand Gaurav
We are excited to announce that nuget.org now supports package deprecation. This has been a long standing ask that will help the ecosystem use supported packages. As a package publisher on nuget.org, you can now deprecate packages that are obsolete, legacy, or buggy. You can also suggest an alternate package to your deprecated package. This ...
New and improved NuGet Search is here!
New and improved NuGet Search is here!
August 22, 2019 Aug 22, 2019 08/22/19
Karan Nandwani
It’s been a long time coming, and today we are excited to announce the new and improved search on NuGet.org leveraging Azure Search. We want to start this post with a huge thanks to you, the NuGet community, for providing feedback. We have aggregated all feedback around search result relevance into one mega issue. We used this as the ...
NuGet Spring 2019 Roadmap
NuGet Spring 2019 Roadmap
April 10, 2019 Apr 10, 2019 04/10/19
Anand Gaurav
We published our last NuGet roadmap in June last year. Many of the features announced were major additions to NuGet and we have been hard at work to implement those over the last few months. In this post, we will start by summarizing the features we have completed and then peek into the next wave of work planned. Looking back Here are some ...
Enable repeatable package restores using a lock file
Enable repeatable package restores using a lock file
December 17, 2018 Dec 17, 2018 12/17/18
Anand Gaurav
With PackageReference, NuGet always tries to produce the same closure of package dependencies if the input package reference list has not changed. However, there are a few scenarios where it may not be able to do so. While these cases are limited, we received multiple requests to completely lock down the full package dependency graph for ...
Lock down your dependencies using configurable trust policies
Lock down your dependencies using configurable trust policies
December 5, 2018 Dec 5, 2018 12/5/18
Rido
For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing...