Skip to content

Latest commit

 

History

History
264 lines (207 loc) · 22.4 KB

2.2.5.md

File metadata and controls

264 lines (207 loc) · 22.4 KB

.NET Core 2.2.5 Update - May 14, 2019

.NET Core 2.2.5 is available for download and usage in your environment. This release includes .NET Core 2.2.5, ASP.NET Core 2.2.5 and updates to the .NET Core SDK.

Note: If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. If you use other development environments, we recommend using the latest SDK release.

VS Version .NET Core SDK
Visual Studio 2017 (Windows) 2.2.107
Visual Studio 2019 (Windows) 2.2.204
Visual Studio for Mac https://learn.microsoft.com/visualstudio/mac/net-core-support

We've created an issue at dotnet/core #2727 for your questions and comments.

Downloads

SDK Installer1 SDK Binaries1 Runtime Installer Runtime Binaries ASP.NET Core Runtime
Windows x86 | x64 x86 | x64 x86 | x64 x86 | x64 x86 | x64
Hosting Bundle2
macOS x64 x64 x64 x64 x641
Linux See installations steps below x64 | ARM | ARM64 | x64 Alpine - x64 | ARM | ARM64 | x64 Alpine] x641 | ARM321 | x64 Alpine1
RHEL6 - x64 - x64 -
Checksums SDK - Runtime - -
Symbols CLI | SDK - Runtime | Shared Framework | Setup - ASP.NET Core
  1. Includes the .NET Core and ASP.NET Core Runtimes
  2. For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Core runtime.

Docker Images

The .NET Core Docker images have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in "Staying up-to-date with .NET Container Images".

The following repos have been updated

Azure AppServices

  • .NET Core 2.2.5 is being deployed to Azure App Services and the deployment is expected to complete in a couple of days.

.NET Core Lifecycle News

Ubuntu 14.04 reached the end of standard support April 2019. We will no longer produce and release packages for this OS version.

.NET Core 1.0 and 1.1, which entered "Maintenance" support status when 2.1 was declared LTS, will be end-of-life June 27, 2019. Updates for the 1.0 and 1.1 channels will no longer be offered after that date. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.

See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

Changes in 2.2.5

.NET Core 2.2.5 release carries both security and non-security fixes.

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 1.0, 1.1, 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists when .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.

The update addresses the vulnerability by correcting how .NET Core applications handle RegEx string processing.

**Affected Package and Binary updates**

Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
System.Text.RegularExpressions.dll | 4.3.0 | 4.3.1

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and ASP.NET Core 1.0, 1.1, 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists when .NET Core and ASP.NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core and ASP.NET Core application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.

The update addresses the vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests.

**Affected Package and Binary updates**

Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
System.Private.Uri | 4.3.0, 4.3.1 | 4.3.2

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and ASP.NET Core 1.0, 1.1, 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists when .NET Core and ASP.NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core and ASP.NET Core application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.

The update addresses the vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests.

**Affected Package and Binary updates**

Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
System.Private.Uri | 4.3.0, 4.3.1 | 4.3.2

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.

The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

**Affected Package and Binary updates**

Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
Microsoft.AspNetCore.SignalR.Protocols.MessagePack | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4<br/>1.1.0 | 1.0.11<br/>1.1.5

Additional fixes in this release

Packages updated in this release:

Package name Version
Microsoft.AspNetCore.All 2.2.5
Microsoft.AspNetCore.App 2.2.5
Microsoft.AspNetCore.AzureAppServices.HostingStartup 2.2.5
Microsoft.AspNetCore.AzureAppServicesIntegration 2.2.5
Microsoft.AspNetCore.DataProtection.StackExchangeRedis 2.2.5
Microsoft.AspNetCore.Identity.UI 2.2.5
Microsoft.AspNetCore.Mvc.Core 2.2.5
Microsoft.AspNetCore.Mvc.RazorPages 2.2.5
Microsoft.AspNetCore.SignalR.Protocols.MessagePack 1.1.5
Microsoft.AspNetCore.SignalR.Redis 1.1.5
Microsoft.AspNetCore.SignalR.StackExchangeRedis 1.1.5
Microsoft.DotNet.Web.Client.ItemTemplates 2.2.5
Microsoft.DotNet.Web.ItemTemplates 2.2.5
Microsoft.DotNet.Web.ProjectTemplates.2.2 2.2.5
Microsoft.DotNet.Web.Spa.ProjectTemplates 2.2.5
Microsoft.Extensions.Caching.StackExchangeRedis 2.2.5
Microsoft.Extensions.Diagnostics.HealthChecks 2.2.5
Microsoft.Extensions.Logging.AzureAppServices 2.2.5
Microsoft.NETCore.App 2.2.5
Microsoft.NETCore.DotNetAppHost 2.2.5
Microsoft.NETCore.DotNetHost 2.2.5
Microsoft.NETCore.DotNetHostPolicy 2.2.5
Microsoft.NETCore.DotNetHostResolver 2.2.5
Microsoft.NETCore.Platforms 2.2.1
Microsoft.Windows.Compatibility 2.1.1
runtime.linux-arm.Microsoft.NETCore.App 2.2.5
runtime.linux-arm.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.linux-arm.Microsoft.NETCore.DotNetHost 2.2.5
runtime.linux-arm.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.linux-arm.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.linux-arm64.Microsoft.NETCore.App 2.2.5
runtime.linux-arm64.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.linux-arm64.Microsoft.NETCore.DotNetHost 2.2.5
runtime.linux-arm64.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.linux-arm64.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.linux-musl-x64.Microsoft.NETCore.App 2.2.5
runtime.linux-musl-x64.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHost 2.2.5
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.linux-x64.Microsoft.NETCore.App 2.2.5
runtime.linux-x64.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.linux-x64.Microsoft.NETCore.DotNetHost 2.2.5
runtime.linux-x64.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.linux-x64.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.osx-x64.Microsoft.NETCore.App 2.2.5
runtime.osx-x64.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.osx-x64.Microsoft.NETCore.DotNetHost 2.2.5
runtime.osx-x64.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.osx-x64.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.rhel.6-x64.Microsoft.NETCore.App 2.2.5
runtime.rhel.6-x64.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHost 2.2.5
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.win-arm.Microsoft.NETCore.App 2.2.5
runtime.win-arm.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.win-arm.Microsoft.NETCore.DotNetHost 2.2.5
runtime.win-arm.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.win-arm.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.win-arm64.Microsoft.NETCore.App 2.2.5
runtime.win-arm64.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.win-arm64.Microsoft.NETCore.DotNetHost 2.2.5
runtime.win-arm64.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.win-arm64.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.win-x64.Microsoft.NETCore.App 2.2.5
runtime.win-x64.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.win-x64.Microsoft.NETCore.DotNetHost 2.2.5
runtime.win-x64.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.win-x64.Microsoft.NETCore.DotNetHostResolver 2.2.5
runtime.win-x86.Microsoft.NETCore.App 2.2.5
runtime.win-x86.Microsoft.NETCore.DotNetAppHost 2.2.5
runtime.win-x86.Microsoft.NETCore.DotNetHost 2.2.5
runtime.win-x86.Microsoft.NETCore.DotNetHostPolicy 2.2.5
runtime.win-x86.Microsoft.NETCore.DotNetHostResolver 2.2.5
System.Data.SqlClient 4.6.1