Skip to content
Permalink
Branch: master
Find file Copy path
2 contributors

Users who have contributed to this file

@vivmishra @leecow
182 lines (150 sloc) 17.1 KB

.NET Core 2.1.9 Update - March 12, 2019

.NET Core 2.1.9 is available for download and usage in your environment. This release includes .NET Core 2.1.9, ASP.NET Core 2.1.9 and .NET Core SDK 2.1.505.

We've created an issue at dotnet/core #2432 for your questions and comments.

Downloads

SDK Installer1 SDK Binaries1 Runtime Installer Runtime Binaries ASP.NET Core Runtime
Windows x86 | x64 x86 | x64 x86 | x64 x86 | x64 x86 | x64
Hosting Bundle2
macOS x64 x64 x64 x64 x641
Linux See installations steps below x64 | ARM | ARM64 | x64 Alpine - x64 | ARM | ARM64 | x64 Alpine] x641 | ARM321 | x64 Alpine1
RHEL6 - x64 - x64 -
Checksums SDK - Runtime - -
Symbols CLI | SDK - Runtime | Shared Framework | Setup - ASP.NET Core
  1. Includes the .NET Core and ASP.NET Core Runtimes
  2. For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Core runtime.

Docker Images

The .NET Core Docker images have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in "Staying up-to-date with .NET Container Images".

The following repos have been updated

Azure AppServices

  • .NET Core 2.1.9 is being deployed to Azure App Services and the deployment is expected to complete in a couple of days.

.NET Core Lifecycle News

There are no changes this month in OS version support status.

.NET Core 1.0 and 1.1, which entered "Maintenance" support status when 2.1 was declared LTS, will be end-of-life June 27, 2019. Updates for the 1.0 and 1.1 channels will no longer be offered after that date. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.

See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

Changes in 2.1.9

.NET Core 2.1.9 release carries both security and non-security fixes.

  • CVE-2019-0657: .NET Core NuGet Tampering Vulnerability

    A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.

    The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine.

    Affected Package and Binary updates

    Package name Vulnerable versions Secure versions
    Nuget.Packaging 4.9.0 – 4.9.3 4.9.4

Additional fixes in this release

Packages updated in this release:

Package name Version
Microsoft.AspNetCore.All 2.1.9
Microsoft.AspNetCore.App 2.1.9
Microsoft.NETCore.App 2.1.9
Microsoft.NETCore.DotNetAppHost 2.1.9
Microsoft.NETCore.DotNetHost 2.1.9
Microsoft.NETCore.DotNetHostPolicy 2.1.9
Microsoft.NETCore.DotNetHostResolver 2.1.9
Microsoft.NETCore.Platforms 2.1.3
runtime.linux-arm.Microsoft.NETCore.App 2.1.9
runtime.linux-arm.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.linux-arm.Microsoft.NETCore.DotNetHost 2.1.9
runtime.linux-arm.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.linux-arm.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.linux-arm64.Microsoft.NETCore.App 2.1.9
runtime.linux-arm64.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.linux-arm64.Microsoft.NETCore.DotNetHost 2.1.9
runtime.linux-arm64.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.linux-arm64.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.linux-musl-x64.Microsoft.NETCore.App 2.1.9
runtime.linux-musl-x64.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHost 2.1.9
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.linux-x64.Microsoft.NETCore.App 2.1.9
runtime.linux-x64.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.linux-x64.Microsoft.NETCore.DotNetHost 2.1.9
runtime.linux-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.linux-x64.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.osx-x64.Microsoft.NETCore.App 2.1.9
runtime.osx-x64.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.osx-x64.Microsoft.NETCore.DotNetHost 2.1.9
runtime.osx-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.osx-x64.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.rhel.6-x64.Microsoft.NETCore.App 2.1.9
runtime.rhel.6-x64.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHost 2.1.9
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.win-arm.Microsoft.NETCore.App 2.1.9
runtime.win-arm.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.win-arm.Microsoft.NETCore.DotNetHost 2.1.9
runtime.win-arm.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.win-arm.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.win-arm64.Microsoft.NETCore.App 2.1.9
runtime.win-arm64.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.win-arm64.Microsoft.NETCore.DotNetHost 2.1.9
runtime.win-arm64.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.win-arm64.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.win-x64.Microsoft.NETCore.App 2.1.9
runtime.win-x64.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.win-x64.Microsoft.NETCore.DotNetHost 2.1.9
runtime.win-x64.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.win-x64.Microsoft.NETCore.DotNetHostResolver 2.1.9
runtime.win-x86.Microsoft.NETCore.App 2.1.9
runtime.win-x86.Microsoft.NETCore.DotNetAppHost 2.1.9
runtime.win-x86.Microsoft.NETCore.DotNetHost 2.1.9
runtime.win-x86.Microsoft.NETCore.DotNetHostPolicy 2.1.9
runtime.win-x86.Microsoft.NETCore.DotNetHostResolver 2.1.9
System.Security.Cryptography.OpenSsl 4.5.1
You can’t perform that action at this time.