The NuGet Blog

The latest news, updates, and insights from the NuGet team

NuGetAudit 2.0: Elevating Security and Trust in Package Management

July 17, 2024 Jul 17, 2024 07/17/24

Introduction In November 2023 (NuGet 6.8, Visual Studio 17.8, .NET SDK 8.0.100), we released NuGet Audit. NuGet Audit provides warnings during restore when a package with a known vulnerability is used by a project. More information about NuGet Audit, including detailed configuration options can be found on our learn website. New features are ...

Building a Safer Future – How NuGet is Tackling Software Supply Chain Threats

July 16, 2024 Jul 16, 2024 07/16/24

Jon Douglas

Despite significant technological progress in addressing complex security threats, the key to preventing the next attack lies in adhering to fundamental security principles. It's essential to ensure the software ecosystem is secure, focusing on protecting .NET developers who design, build, and maintain the critical software we all use. As the...

Announcing NuGet 6.8 – Maintaining Security with Ease

November 17, 2023 Nov 17, 2023 11/17/23

Allie Barry

NuGet 6.8 is included in Visual Studio 2022 and .NET 8.0 out of the box. You can also download NuGet 6.8 for Windows, macOS, and Linux as a standalone executable. Maintaining and understanding security status in your projects is now easier than ever in NuGet 6.8. We're happy to announce a plethora of new features to help you be aware ...

Announcing NuGet 6.0 – Source Mapping, Package Vulnerabilities, Faster Solution Load, Oh My!

November 8, 2021 Nov 8, 2021 11/8/21

Jon Douglas

NuGet 6.0 - Source Mapping, Package Vulnerabilities, Faster Solution Load, Oh My! NuGet 6.0 is included in Visual Studio 2022 and .NET 6.0 out of the box. You can also download NuGet 6.0 for Windows, macOS, and Linux as a standalone executable. NuGet 6.0 is one of many releases in our .NET unification journey. Our NuGet tooling helps ...

Introducing Package Source Mapping

September 15, 2021 Sep 15, 2021 09/15/21

Nikolche Kolev

We're happy to announce the first preview release of Package Source Mapping with Visual Studio 2022 preview 4! Package Source Mapping gives you fine-grained control of where your packages come from by mapping every package in your solution to a target package source.

How to Scan NuGet Packages for Security Vulnerabilities

March 2, 2021 Mar 2, 2021 03/2/21

Drew Gillies

Today, we are announcing the public availability of NuGet’s vulnerability features that you can use to ensure your projects are vulnerability free and if not, to take action to securing your software supply chain.

The NuGet.org repository signing certificate will be updated as soon as March 15th, 2021

February 25, 2021 Feb 25, 2021 02/25/21

Christopher Gill

The current NuGet.org repository signing certificate will be updated as soon as March 15th, 2021. If you validate that packages are repository signed by NuGet.org, you will need to take steps to avoid disruptions when installing packages from NuGet.org.

The Microsoft author signing certificate will be updated as soon as November 1st, 2020

October 22, 2020 Oct 22, 2020 10/22/20

Christopher Gill

The current Microsoft author signing certificate will be updated as soon as November 1st, 2020. If you validate that packages are author signed by Microsoft, you will need to take steps to avoid disruptions when installing Microsoft packages.

NuGet.org will permanently remove support for TLS 1.0 and 1.1 on June 15th

May 25, 2020 May 25, 2020 05/25/20

Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org in which we stated that the permanent removal of TLS 1.0/1.1 support would occur in April 2020. However, in April, to avoid disrupting customers in the midst of the COVID-19 pandemic, we announced that we would continue to support TLS 1.0/1.1 until further ...

NuGet.org will continue to support TLS 1.0 and 1.1 until further notice

April 22, 2020 Apr 22, 2020 04/22/20

Christopher Gill

Last November, we shared our two-stage plan for deprecating TLS 1.0/1.1 on NuGet.org and actions you can take today to ensure your systems use TLS 1.2. In that post, we announced that NuGet.org would remove support for TLS 1.0/1.1 in April 2020. However, since then, our customers have faced a variety of challenges in the wake of the COVID-19 ...

The NuGet Blog

security - The NuGet Blog