.NET March 2022 Updates – .NET 6.0.3, .NET 5.0.15 and, .NET 3.1.23
source link: https://devblogs.microsoft.com/dotnet/march-2022-updates/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
.NET March 2022 Updates – .NET 6.0.3, .NET 5.0.15 and, .NET 3.1.23
Rahul
March 8th, 2022
Today, we are releasing the .NET March 2022 Updates. These updates contain reliability and security improvements. See the individual release notes for details on updated packages.
You can download 6.0.3, 5.0.15 and, 3.1.23 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.
Improvements
Security
CVE-2020-8927: .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in .NET 5.0 and .NET Core 3.1 where a buffer overflow exists in the Brotli library versions prior to 1.0.8.
CVE-2022-24464: .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a Denial of Service vulnerability, which exists in .NET 6.0, .NET 5.0, and .NET CORE 3.1 when parsing certain types of http form requests.
CVE-2022-24512: .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double Parse routine.
Visual Studio
See release notes for Visual Studio compatibility for .NET 6.0, .NET 5.0 and, .NET Core 3.1.
Rahul Bhandari
Software Engineer, .NET
Follow
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK