Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
1 contributor

Users who have contributed to this file

244 lines (187 sloc) 19.3 KB

.NET Core 2.1.15 Update - January 14, 2020

.NET Core 2.1.15 is available for download and usage in your environment. This release includes .NET Core 2.1.15, ASP.NET Core 2.1.15 and the .NET Core SDK.

Your feedback is important and appreciated. We've created an issue at dotnet/core #4119 for your questions and comments.

Downloads

SDK Installer1 SDK Binaries1 Runtime Installer Runtime Binaries ASP.NET Core Runtime
Windows x86 | x64 x86 | x64 x86 | x64 x86 | x64 | ARM x86 | x64 |
Hosting Bundle2
macOS x64 x64 x64 x64 x641
Linux See installations steps below x64 | ARM | ARM64 | x64 Alpine - x64 | ARM | ARM64 | x64 Alpine x641 | ARM1 | x64 Alpine1
RHEL6 - x64 - x64 -
Checksums SDK - Runtime - -
  1. Includes the .NET Core and ASP.NET Core Runtimes
  2. For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Core runtime.

Visual Studio Compatibility

This update for .NET Core 2.1 includes multiple SDK builds. If you are a Visual Studio 2019, Visual Studio 2017 or Visual Studio for Mac user, there are MSBuild version requirements that are satisfied by specific, matching .NET Core SDK versions. See the table below to select the correct download.

OS Development Environment .NET Core SDK
Windows Visual Studio 2019 version 16.0 2.1.608
Windows Visual Studio 2017 2.1.511
MacOS Visual Studio for Mac Visual Studio for Mac .NET Core Support

Docker Images

The .NET Core Docker images have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in "Staying up-to-date with .NET Container Images".

The following repos have been updated

The images are expected to be available later today.

Azure AppServices

  • .NET Core 2.1.15 is being deployed to Azure App Services and the deployment is expected to complete later in January 2020.

.NET Core Lifecycle News

.NET Core 2.2 reached end of life on December 23, 2019. This means .NET Core 2.2 is no longer supported and updates will no longer be provided. We recommend moving to .NET Core 3.1, our long term support (LTS) release.

.NET Core 3.0 will reach end of life on March 3, 2020 which is 3 months after the release of .NET Core 3.1. You can view the Microsoft Support for .NET Core for more information about life-cycle of each product.

Fedora 29 has been out of support since November 29, 2019 and .NET Core no longer provides support for it.

Ubuntu 19.04 will be out of support on January 23, 2020.

See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

Changes in 2.1.15

.NET Core 2.1.15 release carries both security and non-security fixes.

CVE-2020-0602: ASP.NET Core Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.

The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

Affected Package and Binary updates

Package name Vulnerable versions Secure versions
Microsoft.AspNetCore.Http.Connections 1.0.0 - 1.0.4 1.0.15
Microsoft.AspNetCore.App 2.1.0 - 2.1.14
3.0.0
3.1.0
2.1.15
3.0.1
3.1.1
Microsoft.AspNetCore.All 2.1.0 - 2.1.14 2.0.15

CVE-2020-0603: ASP.NET Core Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.

The update addresses the vulnerability by correcting how the ASP.NET Core web application handles in memory.

Affected Package and Binary updates

Package name Vulnerable versions Secure versions
Microsoft.AspNetCore.Http.Connections 1.0.0 - 1.0.4 1.0.15
Microsoft.AspNetCore.App 2.1.0 - 2.1.14
3.0.0
3.1.0
2.1.15
3.0.1
3.1.1
Microsoft.AspNetCore.All 2.1.0 - 2.1.14 2.1.15

Additional fixes in this release

Packages updated in this release:

Package name Version
Microsoft.AspNetCore.All 2.1.15
Microsoft.AspNetCore.App 2.1.15
Microsoft.AspNetCore.Http.Connections 1.0.15
Microsoft.AspNetCore.SignalR.Core 1.0.15
Microsoft.DotNet.Web.Client.ItemTemplates 2.1.15
Microsoft.DotNet.Web.ItemTemplates 2.1.15
Microsoft.DotNet.Web.ProjectTemplates.2.1 2.1.15
Microsoft.DotNet.Web.Spa.ProjectTemplates.2.1 2.1.15
Microsoft.NETCore.App 2.1.15
Microsoft.NETCore.DotNetAppHost 2.1.15
Microsoft.NETCore.DotNetHost 2.1.15
Microsoft.NETCore.DotNetHostPolicy 2.1.15
Microsoft.NETCore.DotNetHostResolver 2.1.15
Microsoft.NETCore.Platforms 2.1.7
runtime.linux-arm.Microsoft.NETCore.App 2.1.15
runtime.linux-arm.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.linux-arm.Microsoft.NETCore.DotNetHost 2.1.15
runtime.linux-arm.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.linux-arm.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.linux-arm64.Microsoft.NETCore.App 2.1.15
runtime.linux-arm64.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.linux-arm64.Microsoft.NETCore.DotNetHost 2.1.15
runtime.linux-arm64.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.linux-arm64.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.linux-musl-x64.Microsoft.NETCore.App 2.1.15
runtime.linux-musl-x64.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHost 2.1.15
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.linux-x64.Microsoft.NETCore.App 2.1.15
runtime.linux-x64.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.linux-x64.Microsoft.NETCore.DotNetHost 2.1.15
runtime.linux-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.linux-x64.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.osx-x64.Microsoft.NETCore.App 2.1.15
runtime.osx-x64.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.osx-x64.Microsoft.NETCore.DotNetHost 2.1.15
runtime.osx-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.osx-x64.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.rhel.6-x64.Microsoft.NETCore.App 2.1.15
runtime.rhel.6-x64.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHost 2.1.15
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.win-arm.Microsoft.NETCore.App 2.1.15
runtime.win-arm.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.win-arm.Microsoft.NETCore.DotNetHost 2.1.15
runtime.win-arm.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.win-arm.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.win-arm64.Microsoft.NETCore.App 2.1.15
runtime.win-arm64.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.win-arm64.Microsoft.NETCore.DotNetHost 2.1.15
runtime.win-arm64.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.win-arm64.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.win-x64.Microsoft.NETCore.App 2.1.15
runtime.win-x64.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.win-x64.Microsoft.NETCore.DotNetHost 2.1.15
runtime.win-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.win-x64.Microsoft.NETCore.DotNetHostResolver 2.1.15
runtime.win-x86.Microsoft.NETCore.App 2.1.15
runtime.win-x86.Microsoft.NETCore.DotNetAppHost 2.1.15
runtime.win-x86.Microsoft.NETCore.DotNetHost 2.1.15
runtime.win-x86.Microsoft.NETCore.DotNetHostPolicy 2.1.15
runtime.win-x86.Microsoft.NETCore.DotNetHostResolver 2.1.15
System.Security.Cryptography.Cng 4.5.
VS.Redist.Common.NetCore.HostFXR.x64.2.1 2.1.15
VS.Redist.Common.NetCore.HostFXR.x86.2.1 2.1.15
VS.Redist.Common.NetCore.SharedFramework.x64.2.1 2.1.15
VS.Redist.Common.NetCore.SharedFramework.x86.2.1 2.1.15
VS.Redist.Common.NetCore.SharedHost.x64.2.1 2.1.15
VS.Redist.Common.NetCore.SharedHost.x86.2.1 2.1.15
You can’t perform that action at this time.