.NET Core 2.2.5 is available for download and usage in your environment. This release includes .NET Core 2.2.5, ASP.NET Core 2.2.5 and updates to the .NET Core SDK.
Note: If you are a Visual Studio user, there are MSBuild version requirements so use only the .NET Core SDK supported for each Visual Studio version. If you use other development environments, we recommend using the latest SDK release.
VS Version | .NET Core SDK |
---|---|
Visual Studio 2017 (Windows) | 2.2.107 |
Visual Studio 2019 (Windows) | 2.2.204 |
Visual Studio for Mac | https://learn.microsoft.com/visualstudio/mac/net-core-support |
We've created an issue at dotnet/core #2727 for your questions and comments.
SDK Installer1 | SDK Binaries1 | Runtime Installer | Runtime Binaries | ASP.NET Core Runtime | |
---|---|---|---|---|---|
Windows | x86 | x64 | x86 | x64 | x86 | x64 | x86 | x64 | x86 | x64 Hosting Bundle2 |
macOS | x64 | x64 | x64 | x64 | x641 |
Linux | See installations steps below | x64 | ARM | ARM64 | x64 Alpine | - | x64 | ARM | ARM64 | x64 Alpine] | x641 | ARM321 | x64 Alpine1 |
RHEL6 | - | x64 | - | x64 | - |
Checksums | SDK | - | Runtime | - | - |
Symbols | CLI | SDK | - | Runtime | Shared Framework | Setup | - | ASP.NET Core |
- Includes the .NET Core and ASP.NET Core Runtimes
- For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Core runtime.
The .NET Core Docker images have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in "Staying up-to-date with .NET Container Images".
The following repos have been updated
- .NET Core 2.2.5 is being deployed to Azure App Services and the deployment is expected to complete in a couple of days.
Ubuntu 14.04 reached the end of standard support April 2019. We will no longer produce and release packages for this OS version.
.NET Core 1.0 and 1.1, which entered "Maintenance" support status when 2.1 was declared LTS, will be end-of-life June 27, 2019. Updates for the 1.0 and 1.1 channels will no longer be offered after that date. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.
See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.
.NET Core 2.2.5 release carries both security and non-security fixes.
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 1.0, 1.1, 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists when .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.
The update addresses the vulnerability by correcting how .NET Core applications handle RegEx string processing.
**Affected Package and Binary updates**
Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
System.Text.RegularExpressions.dll | 4.3.0 | 4.3.1
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and ASP.NET Core 1.0, 1.1, 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists when .NET Core and ASP.NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core and ASP.NET Core application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.
The update addresses the vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests.
**Affected Package and Binary updates**
Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
System.Private.Uri | 4.3.0, 4.3.1 | 4.3.2
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and ASP.NET Core 1.0, 1.1, 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A denial of service vulnerability exists when .NET Core and ASP.NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core and ASP.NET Core application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.
The update addresses the vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests.
**Affected Package and Binary updates**
Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
System.Private.Uri | 4.3.0, 4.3.1 | 4.3.2
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and 2.2. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
**Affected Package and Binary updates**
Package name | Vulnerable versions | Secure versions
------------ | ------------------- | -------------------------
Microsoft.AspNetCore.SignalR.Protocols.MessagePack | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4<br/>1.1.0 | 1.0.11<br/>1.1.5
Package name | Version |
---|---|
Microsoft.AspNetCore.All | 2.2.5 |
Microsoft.AspNetCore.App | 2.2.5 |
Microsoft.AspNetCore.AzureAppServices.HostingStartup | 2.2.5 |
Microsoft.AspNetCore.AzureAppServicesIntegration | 2.2.5 |
Microsoft.AspNetCore.DataProtection.StackExchangeRedis | 2.2.5 |
Microsoft.AspNetCore.Identity.UI | 2.2.5 |
Microsoft.AspNetCore.Mvc.Core | 2.2.5 |
Microsoft.AspNetCore.Mvc.RazorPages | 2.2.5 |
Microsoft.AspNetCore.SignalR.Protocols.MessagePack | 1.1.5 |
Microsoft.AspNetCore.SignalR.Redis | 1.1.5 |
Microsoft.AspNetCore.SignalR.StackExchangeRedis | 1.1.5 |
Microsoft.DotNet.Web.Client.ItemTemplates | 2.2.5 |
Microsoft.DotNet.Web.ItemTemplates | 2.2.5 |
Microsoft.DotNet.Web.ProjectTemplates.2.2 | 2.2.5 |
Microsoft.DotNet.Web.Spa.ProjectTemplates | 2.2.5 |
Microsoft.Extensions.Caching.StackExchangeRedis | 2.2.5 |
Microsoft.Extensions.Diagnostics.HealthChecks | 2.2.5 |
Microsoft.Extensions.Logging.AzureAppServices | 2.2.5 |
Microsoft.NETCore.App | 2.2.5 |
Microsoft.NETCore.DotNetAppHost | 2.2.5 |
Microsoft.NETCore.DotNetHost | 2.2.5 |
Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
Microsoft.NETCore.Platforms | 2.2.1 |
Microsoft.Windows.Compatibility | 2.1.1 |
runtime.linux-arm.Microsoft.NETCore.App | 2.2.5 |
runtime.linux-arm.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.linux-arm.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.linux-arm.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.linux-arm.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.linux-arm64.Microsoft.NETCore.App | 2.2.5 |
runtime.linux-arm64.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.linux-arm64.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.linux-arm64.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.linux-arm64.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.linux-musl-x64.Microsoft.NETCore.App | 2.2.5 |
runtime.linux-musl-x64.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.linux-x64.Microsoft.NETCore.App | 2.2.5 |
runtime.linux-x64.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.linux-x64.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.linux-x64.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.linux-x64.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.osx-x64.Microsoft.NETCore.App | 2.2.5 |
runtime.osx-x64.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.osx-x64.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.osx-x64.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.osx-x64.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.rhel.6-x64.Microsoft.NETCore.App | 2.2.5 |
runtime.rhel.6-x64.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.win-arm.Microsoft.NETCore.App | 2.2.5 |
runtime.win-arm.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.win-arm.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.win-arm.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.win-arm.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.win-arm64.Microsoft.NETCore.App | 2.2.5 |
runtime.win-arm64.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.win-arm64.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.win-arm64.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.win-arm64.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.win-x64.Microsoft.NETCore.App | 2.2.5 |
runtime.win-x64.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.win-x64.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.win-x64.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.win-x64.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
runtime.win-x86.Microsoft.NETCore.App | 2.2.5 |
runtime.win-x86.Microsoft.NETCore.DotNetAppHost | 2.2.5 |
runtime.win-x86.Microsoft.NETCore.DotNetHost | 2.2.5 |
runtime.win-x86.Microsoft.NETCore.DotNetHostPolicy | 2.2.5 |
runtime.win-x86.Microsoft.NETCore.DotNetHostResolver | 2.2.5 |
System.Data.SqlClient | 4.6.1 |