.NET Core 2.2.7 is available for download and usage in your environment. This release includes .NET Core 2.2.7, ASP.NET Core 2.2.7 and updates to the .NET Core SDK.
We've created an issue at dotnet/core #3345 for your questions and comments.
.NET Core 1.0 and 1.1 reached end of support lifecycle on June 27, 2019 and will no longer receive updates going forward. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.
See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.
SDK Installer<sup>1</sup> | SDK Binaries<sup>1</sup> | Runtime Installer | Runtime Binaries | ASP.NET Core Runtime | |
---|---|---|---|---|---|
Windows | x86 | x64 | x86 | x64 | ARM | x86 | x64 | x86 | x64 | ARM | x86 | x64 | ARM | Hosting Bundle<sup>2</sup> |
macOS | x64 | x64 | x64 | x64 | x64<sup>1</sup> |
Linux | See installation steps below | x64 | ARM | ARM64 | x64 Alpine | - | x64 | ARM | ARM64 | x64 Alpine | x64<sup>1</sup> | ARM<sup>1</sup> | x64 Alpine<sup>1</sup> |
RHEL6 | - | x64 | - | x64 | - |
Checksums | SDK | - | Runtime | - | - |
1. Includes the .NET Core, ASP.NET Core Runtimes and the SDK compatible with Visual Studio 2017 (2.2.109).
2. For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Core runtime.
The September Update for .NET Core 2.2 includes multiple SDK builds. If you are a Visual Studio 2019, Visual Studio 2017 or Visual Studio for Mac user, there are MSBuild version requirements that are satisfied by specific, matching .NET Core SDK versions. See the table below to select the correct download. Otherwise, the best version to download is 2.2.402.
OS | Development Environment | .NET Core SDK |
---|---|---|
Any supported | Command line and/or Visual Studio Code | 2.2.402 |
Windows | Visual Studio 2019 version 16.2 | 2.2.402 |
Windows | Visual Studio 2019 version 16.0 | 2.2.206 |
Windows | Visual Studio 2017 | 2.2.109 |
macOS | Visual Studio for Mac | Visual Studio for Mac .NET Core Support |
The .NET Core Docker images have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in "Staying up-to-date with .NET Container Images".
The following repos have been updated:
- dotnet/core/runtime
- dotnet/core/sdk
- and others
The images are expected to be available later today.
- .NET Core 2.2.7 is being deployed to Azure App Services and the deployment is expected to complete later in Sept 2019.
.NET Core 2.2.7 release carries both security and non-security fixes.
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of an elevation of privilege vulnerability that exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged-on user.
To exploit the vulnerability, an attacker could send a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. However, in all cases to exploit this vulnerability a user must click a maliciously crafted link from an attacker.
The update addresses the vulnerability by correcting how the .NET Core web application handles content encoding and updates the application templates to depend on the corrected code libraries.
Affected Package and Binary updates
Package name | Vulnerable versions | Secure versions |
---|---|---|
Microsoft.AspNetCore.SpaServices | 2.1.0-2.1.2, 2.2.0 | 2.1.2, 2.2.1 |
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a denial of service vulnerability when .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.
The update addresses the vulnerability by correcting how the .NET Core web application handles web requests.
Affected Package and Binary updates
Package name | Vulnerable versions | Secure versions |
---|---|---|
System.Net.Sockets | 4.3.0 | 4.3.1 |
Microsoft.NetCore.App | 2.1.0 - 2.1.12, 2.2.0 - 2.2.6 | 2.1.13, 2.2.7 |
### CVE-2018-8269: Denial of Service Vulnerability in OData
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a denial of service vulnerability in the Microsoft OData library used in ASP.NET that could cause a denial of service against an OData web application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the OData application.
The update addresses the vulnerability by updating the version of OData ASP.NET Core uses.
Affected Package and Binary updates
Package name | Vulnerable versions | Secure versions |
---|---|---|
Microsoft.AspNetCore.DataProtection.AzureStorage | 2.1.0 - 2.1.12, 2.2.0 - 2.2.6 | 2.1.13, 2.2.7 |
Microsoft.Data.OData.dll | < 5.8.4 | 5.8.5 |
Microsoft.AspNetCore.All | 2.1.0 - 2.1.12, 2.2.0 - 2.2.6 | 2.1.13, 2.2.7 |
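One way to check a project against the affected-version tables in the advisories above, as an added example that is not part of the release notes or Microsoft's tooling. The names `AFFECTED`, `parse_version` and `audit_csproj` are hypothetical, the project file is constructed, and an SDK-style `.csproj` is assumed; Microsoft.AspNetCore.SpaServices and Microsoft.Data.OData.dll are left out of the table.

```python
import re
import xml.etree.ElementTree as ET

# (first vulnerable, last vulnerable, secure version), copied from the advisory tables.
R21_22 = [("2.1.0", "2.1.12", "2.1.13"), ("2.2.0", "2.2.6", "2.2.7")]
AFFECTED = {
    "system.net.sockets": [("4.3.0", "4.3.0", "4.3.1")],
    "microsoft.netcore.app": R21_22,
    "microsoft.aspnetcore.all": R21_22,
    "microsoft.aspnetcore.dataprotection.azurestorage": R21_22,
}

def parse_version(text):
    """Int tuple for a pinned x.y[.z[.r]] version; None for floating, range or missing."""
    if not re.fullmatch(r"\d+(\.\d+){1,3}", (text or "").strip()):
        return None
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def audit_csproj(xml_text):
    """Return (package, version, verdict) for each advisory-listed PackageReference."""
    findings = []
    for ref in ET.fromstring(xml_text).iter("PackageReference"):
        name = ref.get("Include") or ref.get("Update") or ""
        ranges = AFFECTED.get(name.lower())
        if ranges is None:
            continue  # package is not named in the advisories
        raw = ref.get("Version") or ref.findtext("Version")
        ver = parse_version(raw)
        if ver is None:
            verdict = "review: version not pinned"
        else:
            fix = next((f for lo, hi, f in ranges
                        if parse_version(lo) <= ver <= parse_version(hi)), None)
            verdict = f"vulnerable: update to {fix}" if fix else "not in an affected range"
        findings.append((name, raw, verdict))
    return findings

# Constructed SDK-style project file (no XML namespace), for illustration only.
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.All" Version="2.2.6" />
    <PackageReference Include="System.Net.Sockets" Version="4.3.1" />
    <PackageReference Include="Microsoft.AspNetCore.DataProtection.AzureStorage">
      <Version>2.1.*</Version>
    </PackageReference>
    <PackageReference Include="Newtonsoft.Json" Version="12.0.2" />
  </ItemGroup>
</Project>"""
```

Microsoft.NetCore.App is normally referenced implicitly through the target framework rather than a `PackageReference`, so the installed runtime still needs checking separately, for example with `dotnet --list-runtimes`.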
Package name | Version |
---|---|
Microsoft.Data.OData.dll | 5.8.4 |
microsoft.aspnetcore.all | 2.2.7 |
microsoft.aspnetcore.app | 2.2.7 |
microsoft.aspnetcore.dataprotection.azurestorage | 2.2.7 |
microsoft.aspnetcore.hosting | 2.2.7 |
microsoft.aspnetcore.spaservices | 2.2.7 |
microsoft.dotnet.web.client.itemtemplates | 2.2.7 |
microsoft.dotnet.web.itemtemplates | 2.2.7 |
microsoft.dotnet.web.projecttemplates.2.2 | 2.2.7 |
microsoft.dotnet.web.spa.projecttemplates.2.2 | 2.2.7 |
System.Net.Sockets | 4.3.1 |
microsoft.netcore.platforms | 2.2.3 |
microsoft.netcore.app | 2.2.7 |
microsoft.netcore.dotnetapphost | 2.2.7 |
microsoft.netcore.dotnethost | 2.2.7 |
microsoft.netcore.dotnethostpolicy | 2.2.7 |
microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.linux-arm.microsoft.netcore.app | 2.2.7 |
runtime.linux-arm.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.linux-arm.microsoft.netcore.dotnethost | 2.2.7 |
runtime.linux-arm.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.linux-arm.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.linux-arm64.microsoft.netcore.app | 2.2.7 |
runtime.linux-arm64.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.linux-arm64.microsoft.netcore.dotnethost | 2.2.7 |
runtime.linux-arm64.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.linux-arm64.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.linux-musl-x64.microsoft.netcore.app | 2.2.7 |
runtime.linux-musl-x64.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.linux-musl-x64.microsoft.netcore.dotnethost | 2.2.7 |
runtime.linux-musl-x64.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.linux-musl-x64.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.linux-x64.microsoft.netcore.app | 2.2.7 |
runtime.linux-x64.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.linux-x64.microsoft.netcore.dotnethost | 2.2.7 |
runtime.linux-x64.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.linux-x64.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.osx-x64.microsoft.netcore.app | 2.2.7 |
runtime.osx-x64.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.osx-x64.microsoft.netcore.dotnethost | 2.2.7 |
runtime.osx-x64.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.osx-x64.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.rhel.6-x64.microsoft.netcore.app | 2.2.7 |
runtime.rhel.6-x64.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.rhel.6-x64.microsoft.netcore.dotnethost | 2.2.7 |
runtime.rhel.6-x64.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.rhel.6-x64.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.win-arm.microsoft.netcore.app | 2.2.7 |
runtime.win-arm.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.win-arm.microsoft.netcore.dotnethost | 2.2.7 |
runtime.win-arm.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.win-arm.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.win-arm64.microsoft.netcore.app | 2.2.7 |
runtime.win-arm64.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.win-arm64.microsoft.netcore.dotnethost | 2.2.7 |
runtime.win-arm64.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.win-arm64.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.win-x64.microsoft.netcore.app | 2.2.7 |
runtime.win-x64.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.win-x64.microsoft.netcore.dotnethost | 2.2.7 |
runtime.win-x64.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.win-x64.microsoft.netcore.dotnethostresolver | 2.2.7 |
runtime.win-x86.microsoft.netcore.app | 2.2.7 |
runtime.win-x86.microsoft.netcore.dotnetapphost | 2.2.7 |
runtime.win-x86.microsoft.netcore.dotnethost | 2.2.7 |
runtime.win-x86.microsoft.netcore.dotnethostpolicy | 2.2.7 |
runtime.win-x86.microsoft.netcore.dotnethostresolver | 2.2.7 |