Today, we are releasing the . for 1.0 and 1.1. This includes .NET Core 1.0.13, 1.1. and .NET Core SDK 1.1..

Security

CVE-2018-8292: .NET Core Information Disclosure Vulnerability

Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core when HTTP authentication information is inadvertently exposed in an outbound request that encounters an HTTP redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application.

The update addresses the vulnerability by correcting how .NET Core applications handles HTTP redirects.

Getting the Update

The latest .NET Core updates are available on the .NET Core download page.

Today’s releases are listed as follows:

Docker Images

.NET Docker images have been updated for today’s release. The following repos have been updated.

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Azure App Services deployment

Deployment to Azure App Services has begun and the West Central US region will be live this morning. Remaining regions will be updated over the next few days and deployment is expected to be complete by end of week.

Previous .NET Core Updates

The last few .NET Core updates follow:





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here