Microsoft heeft .Net Core versies 2.1.2, 2.0.9, 1.1.9 en 1.0.12 uitgegeven. Dit is een modulair platform voor het maken van webapplicaties en services die draaien op Linux, macOS en Windows. Het maakt natuurlijk gebruik van .Net en je kunt het vergelijken met Node.js of Go. Het geheel wordt onder een mix van MIT-, Apache 2- en CC BY 4.0-licenties uitgegeven. Deze uitgaven zijn voorzien van de volgende aankondiging op het .Net Blog:
.NET Core July 2018 Update
Today, we are releasing the .NET Core July 2018 Update. This update includes .NET Core 1.0.12, .NET Core 1.1.9, .NET Core 2.0.9 and .NET Core 2.1.2.
Security:
.NET Core Security Feature Bypass Vulnerability (CVE-2018-8356)
Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who successfully exploited this vulnerability could present an expired certificate when challenged. The update addresses the vulnerability by correcting how .NET Core applications handle certificate validation.
ASP.NET Core Security Feature Bypass Vulnerability (CVE-2018-8171)
Microsoft is aware of a security feature bypass in ASP.NET Core when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. The update addresses the vulnerability by correcting how ASP.NET Core validates the number of incorrect login attempts.
ASP.NET Core Denial Of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.0 and 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack. The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.