From fc390937394cb07de59b0841041b2269c86a29fd Mon Sep 17 00:00:00 2001 From: Marc Paine Date: Fri, 10 Oct 2025 10:22:44 -0700 Subject: [PATCH 1/4] Add warning for untrusted .NET templates Added a warning about untrusted .NET templates. --- docs/core/tools/custom-templates.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/core/tools/custom-templates.md b/docs/core/tools/custom-templates.md index 1e416e93a8182..35305e7c09a57 100644 --- a/docs/core/tools/custom-templates.md +++ b/docs/core/tools/custom-templates.md @@ -230,6 +230,8 @@ project_folder Use the [dotnet new install](dotnet-new-install.md) command to install a template package. +[!WARNING] Templates can run msbuild code when triggering the template so do not install or run untrusted .NET templates. + ### To install a template package from a NuGet package stored at nuget.org Use the NuGet package identifier to install a template package. From 49258afed1b4233d4dd7da99d688f54553850b28 Mon Sep 17 00:00:00 2001 From: Marc Paine Date: Fri, 10 Oct 2025 16:19:45 -0700 Subject: [PATCH 2/4] Respond to PR feedback --- docs/core/tools/custom-templates.md | 2 +- docs/core/tools/dotnet-new-install.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/core/tools/custom-templates.md b/docs/core/tools/custom-templates.md index 35305e7c09a57..940a9a880b690 100644 --- a/docs/core/tools/custom-templates.md +++ b/docs/core/tools/custom-templates.md @@ -230,7 +230,7 @@ project_folder Use the [dotnet new install](dotnet-new-install.md) command to install a template package. -[!WARNING] Templates can run msbuild code when triggering the template so do not install or run untrusted .NET templates. +[!WARNING] Templates can run MSBuild code when triggered, do not install or run untrusted .NET templates. ### To install a template package from a NuGet package stored at nuget.org diff --git a/docs/core/tools/dotnet-new-install.md b/docs/core/tools/dotnet-new-install.md index bcdea99c306d2..997398ebc7943 100644 --- a/docs/core/tools/dotnet-new-install.md +++ b/docs/core/tools/dotnet-new-install.md @@ -11,6 +11,8 @@ ms.date: 04/15/2022 `dotnet new install` - installs a template package. +[!WARNING] Templates can run MSBuild code when triggered, do not install or run untrusted .NET templates. + ## Synopsis ```dotnetcli From 236454663dece75468313a0414c82465b11390fd Mon Sep 17 00:00:00 2001 From: Marc Paine Date: Mon, 13 Oct 2025 16:28:17 -0700 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: Meaghan Osagie (Lewis) --- docs/core/tools/custom-templates.md | 3 ++- docs/core/tools/dotnet-new-install.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/core/tools/custom-templates.md b/docs/core/tools/custom-templates.md index 940a9a880b690..cb4988c0319e9 100644 --- a/docs/core/tools/custom-templates.md +++ b/docs/core/tools/custom-templates.md @@ -230,7 +230,8 @@ project_folder Use the [dotnet new install](dotnet-new-install.md) command to install a template package. -[!WARNING] Templates can run MSBuild code when triggered, do not install or run untrusted .NET templates. +> [!WARNING] +> Templates can run MSBuild code when triggered, don't install or run untrusted .NET templates. ### To install a template package from a NuGet package stored at nuget.org diff --git a/docs/core/tools/dotnet-new-install.md b/docs/core/tools/dotnet-new-install.md index 997398ebc7943..f0365db4130b8 100644 --- a/docs/core/tools/dotnet-new-install.md +++ b/docs/core/tools/dotnet-new-install.md @@ -11,7 +11,8 @@ ms.date: 04/15/2022 `dotnet new install` - installs a template package. -[!WARNING] Templates can run MSBuild code when triggered, do not install or run untrusted .NET templates. +> [!WARNING] +> Templates can run MSBuild code when triggered, don't install or run untrusted .NET templates. ## Synopsis From 4da8dfb2b1b24e0ad04ec4e365bf91029818bdea Mon Sep 17 00:00:00 2001 From: Marc Paine Date: Mon, 13 Oct 2025 16:29:37 -0700 Subject: [PATCH 4/4] Move warning for untrusted .NET templates to description Reinstate warning about untrusted .NET templates. --- docs/core/tools/dotnet-new-install.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/core/tools/dotnet-new-install.md b/docs/core/tools/dotnet-new-install.md index f0365db4130b8..604c0d7896a37 100644 --- a/docs/core/tools/dotnet-new-install.md +++ b/docs/core/tools/dotnet-new-install.md @@ -11,9 +11,6 @@ ms.date: 04/15/2022 `dotnet new install` - installs a template package. -> [!WARNING] -> Templates can run MSBuild code when triggered, don't install or run untrusted .NET templates. - ## Synopsis ```dotnetcli @@ -45,6 +42,9 @@ Starting with .NET SDK 6.0.100, installed template packages are available in lat > dotnet new --install Microsoft.Azure.WebJobs.ProjectTemplates > ``` +> [!WARNING] +> Templates can run MSBuild code when triggered, don't install or run untrusted .NET templates. + ## Arguments - **``**