4

.NET October 2023 Updates – .NET 7.0.12, .NET 6.0.23

 8 months ago
source link: https://devblogs.microsoft.com/dotnet/october-2023-updates/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

.NET October 2023 Updates – .NET 7.0.12, .NET 6.0.23

me-96x96.jpg

Rahul Bhandari (MSFT)

October 10th, 20230 0

Today, we are releasing the .NET October 2023 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 7.0.12 and 6.0.23 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Windows Package Manager CLI (winget)

You can now install .NET updates using the Windows Package Manager CLI (winget):

  • To install the .NET 7 runtime: winget install dotnet-runtime-7

  • To install the .NET 7 SDK: winget install dotnet-sdk-7

  • To update an existing installation: winget upgrade

See Install with Windows Package Manager (winget) for more information.

Security

CVE-2023-44487 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 RC1, .NET 7.0 ,and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A patch for this vulnerability (nicknamed “Rapid Reset”) is being released in coordination with other industry partners.

A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with specially crafted HTTP/2 requests, causing denial of service.

CVE-2023-38171 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 RC1. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A null pointer vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems.

CVE-2023-36435 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 RC1. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A memory leak vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems.

Visual Studio

See release notes for Visual Studio compatibility for .NET 7.0 and .NET 6.0.

Rahul Bhandari (MSFT) Program Manager, .NET

Follow


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK