-
Notifications
You must be signed in to change notification settings - Fork 4.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
34 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# ASP.NET Core 2.1.39 Update - July 11, 2023 | ||
|
||
The ASP.NET Core 2.1.39 is available to download. These updated installers include improved localization strings, but no functional changes. | ||
Asp.net 2.1 is still in support based on the policy at https://dotnet.microsoft.com/en-us/platform/support/policy/aspnet | ||
|
||
|
||
## Downloads | ||
|
||
| ASP.NET Core Runtime | ASP.NET Core Zips | Hosting Bundle | | ||
| :-----------------: | :-----------------: |:-----------------: | | ||
[Windows x86][aspnetcore-runtime-win-x86.exe] \| [Windows x64][aspnetcore-runtime-win-x64.exe] \| | [Windows x86][aspnetcore-runtime-win-x86.zip] \| [Windows x64][aspnetcore-runtime-win-x64.zip] | [Windows Hosting Bundle][dotnet-hosting-win.exe]<sup>2</sup> | ||
|
||
|
||
|
||
|
||
## Notable Changes | ||
|
||
ASP.NET Core 2.1.39 release carries security security fixes. | ||
|
||
[CVE-2023-33170 - .NET Security Feature Bypass Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170) | ||
|
||
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. | ||
|
||
A vulnerability exist in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords. | ||
|
||
|
||
[//]: # ( ASP 2.1.39) | ||
|
||
[aspnetcore-runtime-win-x64.exe]: https://download.visualstudio.microsoft.com/download/pr/876d716b-aee8-4633-9aab-6d8ecb3ad338/9a14849df68d935e153270c2b9b1103a/aspnetcore-runtime-2.1.39-win-x64.exe | ||
[aspnetcore-runtime-win-x64.zip]: https://download.visualstudio.microsoft.com/download/pr/2a4e7590-db76-4d0e-af9c-9817e7cb19c2/63887df128a4c800b2cb8c70ee36198a/aspnetcore-runtime-2.1.39-win-x64.zip | ||
[aspnetcore-runtime-win-x86.exe]: https://download.visualstudio.microsoft.com/download/pr/0141e9b8-dc07-4bcf-93ac-fd8602135602/c1d342fb2fa7696ec8f84d01b97dde08/aspnetcore-runtime-2.1.39-win-x86.exe | ||
[aspnetcore-runtime-win-x86.zip]: https://download.visualstudio.microsoft.com/download/pr/c96dc0d2-7449-4770-8e2a-d9e9febbcfd8/eef49c177687acd0bc0e88d96401f6f4/aspnetcore-runtime-2.1.39-win-x86.zip | ||
[dotnet-hosting-win.exe]: https://download.visualstudio.microsoft.com/download/pr/3e7b11e8-f269-4f56-ad8a-95e690bf50cf/267c2e0e1374f3eb4ce46f195ad9c12f/dotnet-hosting-2.1.39-win.exe | ||
|