Contributors: @leecow, @jo-ninja

.NET Core 2.2.7 Update - September 10, 2019

.NET Core 2.2.7 is available for download and usage in your environment. This release includes .NET Core 2.2.7, ASP.NET Core 2.2.7 and updates to the .NET Core SDK.

We've created an issue at dotnet/core #3345 for your questions and comments.

Lifecycle News

.NET Core 1.0 and 1.1 reached end of support lifecycle on June 27, 2019 and will no longer receive updates going forward. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.

See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

Downloads

| OS | SDK Installer¹ | SDK Binaries¹ | Runtime Installer | Runtime Binaries | ASP.NET Core Runtime |
| --- | --- | --- | --- | --- | --- |
| Windows | x86, x64 | x86, x64, ARM | x86, x64 | x86, x64, ARM | x86, x64, ARM, Hosting Bundle² |
| macOS | x64 | x64 | x64 | x64 | x64¹ |
| Linux | See installation steps below | x64, ARM, ARM64, x64 Alpine | - | x64, ARM, ARM64, x64 Alpine | x64¹, ARM¹, x64 Alpine¹ |
| RHEL6 | - | x64 | - | x64 | - |
| Checksums | SDK | - | Runtime | - | - |

  1. Includes the .NET Core, ASP.NET Core Runtimes and the SDK compatible with Visual Studio 2017 (2.2.109).
  2. For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Core runtime.

Visual Studio Compatibility

The September Update for .NET Core 2.2 includes multiple SDK builds. If you are a Visual Studio 2019, Visual Studio 2017 or Visual Studio for Mac user, there are MSBuild version requirements that are satisfied by specific, matching .NET Core SDK versions. See the table below to select the correct download. Otherwise, the best version to download is 2.2.402.

| OS | Development Environment | .NET Core SDK |
| --- | --- | --- |
| Any supported | Command line and/or Visual Studio Code | 2.2.402 |
| Windows | Visual Studio 2019 version 16.2 | 2.2.402 |
| Windows | Visual Studio 2019 version 16.0 | 2.2.206 |
| Windows | Visual Studio 2017 | 2.2.109 |
| MacOS | Visual Studio for Mac | Visual Studio for Mac .NET Core Support |

Docker Images

The .NET Core Docker images have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in "Staying up-to-date with .NET Container Images".

The following repos have been updated

The images are expected to be available later today.

Azure AppServices

  • .NET Core 2.2.7 is being deployed to Azure App Services and the deployment is expected to complete later in Sept 2019.

Changes in 2.2.7

The .NET Core 2.2.7 release carries both security and non-security fixes.

CVE-2019-1302: ASP.NET Core Elevation Of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of an elevation of privilege vulnerability that exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged-on user.

To exploit the vulnerability, an attacker could send a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. However, in all cases to exploit this vulnerability a user must click a maliciously crafted link from an attacker.

The update addresses the vulnerability by correcting how the .NET Core web application handles content encoding and updates the application templates to depend on the corrected code libraries.

Affected Package and Binary updates

| Package name | Vulnerable versions | Secure versions |
| --- | --- | --- |
| Microsoft.AspNetCore.SpaServices | 2.1.0-2.1.2, 2.2.0 | 2.1.2, 2.2.1 |

CVE-2019-1301: Denial of Service Vulnerability in .NET Core

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a denial of service vulnerability when .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.

The update addresses the vulnerability by correcting how the .NET Core web application handles web requests.

Affected Package and Binary updates

| Package name | Vulnerable versions | Secure versions |
| --- | --- | --- |
| System.Net.Sockets | 4.3.0 | 4.3.1 |
| Microsoft.NetCore.App | 2.1.0 - 2.1.12, 2.2.0 - 2.2.6 | 2.1.13, 2.2.7 |

CVE-2018-8269: Denial of Service Vulnerability in OData

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Microsoft is aware of a denial of service vulnerability in the Microsoft OData library used in ASP.NET that could cause a denial of service against an OData web application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the OData application.

The update addresses the vulnerability by updating the version of OData ASP.NET Core uses.

Affected Package and Binary updates

| Package name | Vulnerable versions | Secure versions |
| --- | --- | --- |
| Microsoft.AspNetCore.DataProtection.AzureStorage | 2.1.0 - 2.1.12, 2.2.0 - 2.2.6 | 2.1.13, 2.2.7 |
| Microsoft.Data.OData.dll | < 5.8.4 | 5.8.5 |
| Microsoft.AspNetCore.All | 2.1.0 - 2.1.12, 2.2.0 - 2.2.6 | 2.1.13, 2.2.7 |
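
One way to check a project file against the package ranges in the CVE-2019-1301 and CVE-2018-8269 tables above, as an added example that is not part of the release notes or of Microsoft's tooling. It reports references that carry no literal version as unresolved instead of passing them. The function names and the sample project file are assumptions; Microsoft.Data.OData.dll is left out because the page lists it as a binary, and the SpaServices row because the page lists 2.1.2 in both columns.

```python
import xml.etree.ElementTree as ET

# (lowest vulnerable, highest vulnerable, secure) from the CVE-2019-1301 and
# CVE-2018-8269 tables; keys lowercased since NuGet ids are case-insensitive.
_SHARED = [("2.1.0", "2.1.12", "2.1.13"), ("2.2.0", "2.2.6", "2.2.7")]
ADVISORIES = {
    "system.net.sockets": ("CVE-2019-1301", [("4.3.0", "4.3.0", "4.3.1")]),
    "microsoft.netcore.app": ("CVE-2019-1301", _SHARED),
    "microsoft.aspnetcore.dataprotection.azurestorage": ("CVE-2018-8269", _SHARED),
    "microsoft.aspnetcore.all": ("CVE-2018-8269", _SHARED),
}

# Constructed sample project file, not taken from the page.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web"><ItemGroup>
  <PackageReference Include="microsoft.aspnetcore.all" Version="2.2.6" />
  <PackageReference Include="System.Net.Sockets" Version="4.3.1" />
  <PackageReference Include="Microsoft.AspNetCore.DataProtection.AzureStorage" Version="2.1" />
  <PackageReference Include="Microsoft.NetCore.App" />
  <PackageReference Include="Newtonsoft.Json" Version="12.0.2" />
</ItemGroup></Project>"""

def parse_version(text):
    """'2.1' -> (2, 1, 0, 0); raises on floating or property-based versions."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])

def local(tag):
    return tag.rsplit("}", 1)[-1]  # element name without an XML namespace

def audit_csproj(xml_text):
    """Return (package, version, status, detail) for each listed package referenced."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.get("Include", "")
        if local(el.tag) != "PackageReference" or name.lower() not in ADVISORIES:
            continue
        cve, ranges = ADVISORIES[name.lower()]
        version = el.get("Version") or next(
            (c.text for c in el if local(c.tag) == "Version"), None)
        try:
            v = parse_version(version)
        except (AttributeError, ValueError):
            findings.append((name, version, "unresolved", "version set by SDK or MSBuild property"))
            continue
        hit = next((r for r in ranges
                    if parse_version(r[0]) <= v <= parse_version(r[1])), None)
        detail = f"{cve}: update to {hit[2]}" if hit else ""
        findings.append((name, version, "vulnerable" if hit else "not-listed", detail))
    return findings
```

Calling `audit_csproj(SAMPLE_CSPROJ)` returns one tuple per listed package; a `not-listed` status only means the version falls outside the ranges printed on this page.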

Additional fixes in this release

Packages updated in this release:

Package name Version
Microsoft.Data.OData.dll 5.8.4
microsoft.aspnetcore.all 2.2.7
microsoft.aspnetcore.app 2.2.7
microsoft.aspnetcore.dataprotection.azurestorage 2.2.7
microsoft.aspnetcore.hosting 2.2.7
microsoft.aspnetcore.spaservices 2.2.7
microsoft.dotnet.web.client.itemtemplates 2.2.7
microsoft.dotnet.web.itemtemplates 2.2.7
microsoft.dotnet.web.projecttemplates.2.2 2.2.7
microsoft.dotnet.web.spa.projecttemplates.2.2 2.2.7
System.Net.Sockets 4.3.1
microsoft.netcore.platforms 2.2.3
microsoft.netcore.app 2.2.7
microsoft.netcore.dotnetapphost 2.2.7
microsoft.netcore.dotnethost 2.2.7
microsoft.netcore.dotnethostpolicy 2.2.7
microsoft.netcore.dotnethostresolver 2.2.7
runtime.linux-arm.microsoft.netcore.app 2.2.7
runtime.linux-arm.microsoft.netcore.dotnetapphost 2.2.7
runtime.linux-arm.microsoft.netcore.dotnethost 2.2.7
runtime.linux-arm.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.linux-arm.microsoft.netcore.dotnethostresolver 2.2.7
runtime.linux-arm64.microsoft.netcore.app 2.2.7
runtime.linux-arm64.microsoft.netcore.dotnetapphost 2.2.7
runtime.linux-arm64.microsoft.netcore.dotnethost 2.2.7
runtime.linux-arm64.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.linux-arm64.microsoft.netcore.dotnethostresolver 2.2.7
runtime.linux-musl-x64.microsoft.netcore.app 2.2.7
runtime.linux-musl-x64.microsoft.netcore.dotnetapphost 2.2.7
runtime.linux-musl-x64.microsoft.netcore.dotnethost 2.2.7
runtime.linux-musl-x64.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.linux-musl-x64.microsoft.netcore.dotnethostresolver 2.2.7
runtime.linux-x64.microsoft.netcore.app 2.2.7
runtime.linux-x64.microsoft.netcore.dotnetapphost 2.2.7
runtime.linux-x64.microsoft.netcore.dotnethost 2.2.7
runtime.linux-x64.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.linux-x64.microsoft.netcore.dotnethostresolver 2.2.7
runtime.osx-x64.microsoft.netcore.app 2.2.7
runtime.osx-x64.microsoft.netcore.dotnetapphost 2.2.7
runtime.osx-x64.microsoft.netcore.dotnethost 2.2.7
runtime.osx-x64.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.osx-x64.microsoft.netcore.dotnethostresolver 2.2.7
runtime.rhel.6-x64.microsoft.netcore.app 2.2.7
runtime.rhel.6-x64.microsoft.netcore.dotnetapphost 2.2.7
runtime.rhel.6-x64.microsoft.netcore.dotnethost 2.2.7
runtime.rhel.6-x64.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.rhel.6-x64.microsoft.netcore.dotnethostresolver 2.2.7
runtime.win-arm.microsoft.netcore.app 2.2.7
runtime.win-arm.microsoft.netcore.dotnetapphost 2.2.7
runtime.win-arm.microsoft.netcore.dotnethost 2.2.7
runtime.win-arm.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.win-arm.microsoft.netcore.dotnethostresolver 2.2.7
runtime.win-arm64.microsoft.netcore.app 2.2.7
runtime.win-arm64.microsoft.netcore.dotnetapphost 2.2.7
runtime.win-arm64.microsoft.netcore.dotnethost 2.2.7
runtime.win-arm64.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.win-arm64.microsoft.netcore.dotnethostresolver 2.2.7
runtime.win-x64.microsoft.netcore.app 2.2.7
runtime.win-x64.microsoft.netcore.dotnetapphost 2.2.7
runtime.win-x64.microsoft.netcore.dotnethost 2.2.7
runtime.win-x64.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.win-x64.microsoft.netcore.dotnethostresolver 2.2.7
runtime.win-x86.microsoft.netcore.app 2.2.7
runtime.win-x86.microsoft.netcore.dotnetapphost 2.2.7
runtime.win-x86.microsoft.netcore.dotnethost 2.2.7
runtime.win-x86.microsoft.netcore.dotnethostpolicy 2.2.7
runtime.win-x86.microsoft.netcore.dotnethostresolver 2.2.7