The NuGet Blog

The latest news, updates, and insights from the NuGet team

Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1

February 12, 2020 Feb 12, 2020 02/12/20
The NuGet Team
In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.

Deprecating TLS 1.0 and 1.1 on NuGet.org

November 15, 2019 Nov 15, 2019 11/15/19
Karan Nandwani
co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed ...

Deprecating packages on nuget.org

September 30, 2019 Sep 30, 2019 09/30/19
Anand Gaurav
We are excited to announce that nuget.org now supports package deprecation. This has been a long standing ask that will help the ecosystem use supported packages. As a package publisher on nuget.org, you can now deprecate packages that are obsolete, legacy, or buggy. You can also suggest an alternate package to your deprecated package. This ...

New and improved NuGet Search is here!

August 22, 2019 Aug 22, 2019 08/22/19
Karan Nandwani
It’s been a long time coming, and today we are excited to announce the new and improved search on NuGet.org leveraging Azure Search. We want to start this post with a huge thanks to you, the NuGet community, for providing feedback. We have aggregated all feedback around search result relevance into one mega issue. We used this as the ...

NuGet Spring 2019 Roadmap

April 10, 2019 Apr 10, 2019 04/10/19
Anand Gaurav
We published our last NuGet roadmap in June last year. Many of the features announced were major additions to NuGet and we have been hard at work to implement those over the last few months. In this post, we will start by summarizing the features we have completed and then peek into the next wave of work planned. Looking back Here are some ...

Enable repeatable package restores using a lock file

December 17, 2018 Dec 17, 2018 12/17/18
Anand Gaurav
With , NuGet always tries to produce the same closure of package dependencies if the input package reference list has not changed. However, there are a few scenarios where it may not be able to do so. While these cases are limited, we received multiple requests to completely lock down the full package dependency graph for projects to produce ...

Lock down your dependencies using configurable trust policies

December 5, 2018 Dec 5, 2018 12/5/18
Rido
For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing...

Improved package debugging experience with the NuGet.org symbol server

November 16, 2018 Nov 16, 2018 11/16/18
Karan Nandwani
Starting today, you can publish symbol packages to the NuGet.org symbol server. With NuGet.org as a single service provider for libraries and symbols, package authors and consumers will have a streamlined publishing and consumption experience. With a single place for managing authentication and identity, you can be sure that both the package ...

Introducing Source Code Link for NuGet packages

August 27, 2018 Aug 27, 2018 08/27/18
Maxime Rouiller
NuGet.org now supports surfacing source code repository link for NuGet packages. This will enable package authors to surface both the project's website and the source repository using the and the properties respectively instead of having to choose between the two using just the property. The nuspec has supported the property for a while ...