The NuGet Blog

The latest news, updates, and insights from the NuGet team

Latest posts

NuGet.org will continue to support TLS 1.0 and 1.1 until further notice
Apr 22, 2020
0
0

NuGet.org will continue to support TLS 1.0 and 1.1 until further notice

Christopher Gill
Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 pandemic. In order to avoid any further disruptions to our customer's workflows, we have postponed the removal of TLS 1.0/1.1 support until further notice. For enhanced security, we still recommend ensuring your systems use TLS 1.2. We will announce a revised date for perman...

Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1
Feb 12, 2020
0
0

Deprecating TLS 1.0 and 1.1 on NuGet.org – Stage 1

The NuGet Team
The NuGet Team

In this post, we will go into more details and a specific timeline for Stage 1 i.e. temporarily removing support for TLS 1.0/1.1 on NuGet.org. The goal is to help you identify systems that may be affected and will give you an opportunity to take action before we permanently remove support for TLS 1.0/1.1 in April 2020.

Deprecating TLS 1.0 and 1.1 on NuGet.org
Nov 15, 2019
0
0

Deprecating TLS 1.0 and 1.1 on NuGet.org

Karan Nandwani
Karan Nandwani

co-authored by Scott Bommarito At Microsoft, using the latest and secure encryption techniques is very important to us to ensure the security and privacy of our customers. TLS 1.0 and TLS 1.1, released in 1999 and 2006 respectively, are known to be vulnerable to a number of attacks including POODLE and BEAST. In the past, we removed support for SSL 3 because it was also vulnerable to attacks. For those reasons, NuGet.org will be removing support for TLS 1.0 and 1.1. This means that you will no longer be able to restore packages, upload packages, or browse NuGet.org using these outdated security protocols. Th...

Deprecating packages on nuget.org
Sep 30, 2019
0
0

Deprecating packages on nuget.org

Anand Gaurav
Anand Gaurav

We are excited to announce that nuget.org now supports package deprecation. This has been a long standing ask that will help the ecosystem use supported packages. As a package publisher on nuget.org, you can now deprecate packages that are obsolete, legacy, or buggy. You can also suggest an alternate package to your deprecated package. This lets you guide your packages' consumers to the latest and greatest package. Unlisting vs. Deprecating packages Package deprecation is different than unlisting your package as explained below: Deprecating and Un-deprecating packages Package deprecation is easy. Just fo...

New and improved NuGet Search is here!
Aug 22, 2019
10
0

New and improved NuGet Search is here!

Karan Nandwani
Karan Nandwani

It’s been a long time coming, and today we are excited to announce the new and improved search on NuGet.org leveraging Azure Search. We want to start this post with a huge thanks to you, the NuGet community, for providing feedback. We have aggregated all feedback around search result relevance into one mega issue. We used this as the starting point and ensured the most egregious cases were fixed before we launched the side-by-side preview experience a few weeks ago. 70% of you voted that the new search is better! This was one of the key results in deciding to move forward leading up to today's release. Try the n...

Surfacing GitHub Usage for packages on NuGet.org
Jul 17, 2019
3
0

Surfacing GitHub Usage for packages on NuGet.org

Mohamed Riad Gahlouz
Mohamed Riad Gahlouz

Update: This feature has been enhanced. Read about the latest version. There are several criteria you can use today to evaluate NuGet packages. We received feedback that you would like even more information to help choose the right packages. We're excited to introduce GitHub Usage on nuget.org, which allows you to explore top GitHub repositories that depend on the package you are looking at. Why surface GitHub Usage? Part of determining a package's trust and popularity is to know if the package is being used, who is using it, and how are they using it. A NuGet package depended by a popular GitHub project is...

NuGet Spring 2019 Roadmap
Apr 10, 2019
0
0

NuGet Spring 2019 Roadmap

Anand Gaurav
Anand Gaurav

We published our last NuGet roadmap in June last year. Many of the features announced were major additions to NuGet and we have been hard at work to implement those over the last few months. In this post, we will start by summarizing the features we have completed and then peek into the next wave of work planned. Looking back Here are some features that were announced in our last roadmap blog post and have since been released. Cross-platform credential provider support for Azure Artifacts Status: Implemented | Documentation Before, there was no easy way to restore packages on Linux or macOS if you used Azure...

Enable repeatable package restores using a lock file
Dec 17, 2018
1
0

Enable repeatable package restores using a lock file

Anand Gaurav
Anand Gaurav

With , NuGet always tries to produce the same closure of package dependencies if the input package reference list has not changed. However, there are a few scenarios where it may not be able to do so. While these cases are limited, we received multiple requests to completely lock down the full package dependency graph for projects to produce repeatable restores (builds). We have been working on your feedback, iterating quite a few times, on the approach and design over the past few months. We are happy to announce that we have now introduced the ability to lock your project's package dependency graph via a lock f...

Lock down your dependencies using configurable trust policies
Dec 5, 2018
0
0

Lock down your dependencies using configurable trust policies

Rido
Rido

For the past several months we have focused on various features to improve package security and trust. Around a year back, we had announced our plans on various signing functionalities that we have been implementing at a steady pace. We enabled package author signing and NuGet.org repository signing earlier this year. Continuing on the signing journey, we are happy to announce configurable client policies to secure developer environments for packages. With this feature, developers can now customize their environment to define package authors and/or package repositories they trust thereby allowing only trusted pac...