2 min read

This month, during the Microsoft Build 2019, the team behind .NET Core announced that .NET Core 5 will be coming in 2020. Yesterday the team at .NET Core released the .NET Core May 2019 updates for 1.0.16, 1.1.14, 2.1.11 and 2.2.5. The updates include security, reliability fixes, and updated packages.

Expected updates in .NET Core

Security

.NET Core Tampering Vulnerability(CVE-2019-0820)

When .NET Core improperly processes RegEx strings, a denial of service vulnerability exists. In this case, the attacker who can successfully exploit this vulnerability can cause a denial of service against a .NET application. Even a remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to a .NET Core application.

This update addresses this vulnerability by correcting how .NET Core applications handle RegEx string processing.

This security advisory provides information about a vulnerability in .NET Core 1.0, 1.1, 2.1 and 2.2.

Denial of Service vulnerability in .NET Core and ASP.NET Core (CVE-2019-0980 & CVE-2019-0981)

When .NET Core and ASP.NET Core improperly handle web requests, denial of service vulnerability exists. An attacker who can successfully exploit this vulnerability can cause a denial of service against a .NET Core and ASP.NET Core application. This vulnerability can be exploited remotely and without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to a .NET Core application.

This update addresses this vulnerability by correcting how .NET Core and ASP.NET Core web applications handle web requests.

This security advisory provides information about the two vulnerabilities (CVE-2019-0980 & CVE-2019-0981) in .NET Core and ASP.NET Core 1.0, 1.1, 2.1, and 2.2.

ASP.NET Core Denial of Service vulnerability(CVE-2019-0982)

When ASP.NET Core improperly handles web requests, a denial of service vulnerability exists. An attacker who can successfully exploit this vulnerability can cause a denial of service against an ASP.NET Core web application. This vulnerability can be exploited remotely and without authentication. A remote unauthenticated attacker can exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.

This update addresses this vulnerability by correcting how the ASP.NET Core web application handles web requests.

This security advisory provides information about a vulnerability (CVE-2019-0982) in ASP.NET Core 2.1 and 2.2.

Docker images

.NET Docker images have now been updated. microsoft/dotnet, microsoft/dotnet-samples, and microsoft/aspnetcore repos have also been updated.

Users can get the latest .NET Core updates on the .NET Core download page.

To know more about this news, check out the official announcement.

Read Next

.NET 5 arriving in 2020!

Docker announces collaboration with Microsoft’s .NET at DockerCon 2019

.NET for Apache Spark Preview is out now!