Skip to main content

ASP.Net Core 1.1 DOS Vulnerability



January 2017 Update for ASP.NET Core 1.1












Yesterday, Microsoft released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service. 

Affected Software

The vulnerability affects any Microsoft ASP.NET Core project if it uses the following affected package version.
Affected package and version
Package name
Package version
Microsoft.AspNetCore.Mvc.Core
1.1.0

Advisory FAQ

How do I know if I am affected?
ASP.NET Core has two different types of dependencies, direct and transitive. If your project has a direct or transitive dependency on Microsoft.AspNetCore.Mvc.Core version 1.1.0 you are affected.
Full details of the advisory can be found here: https://technet.microsoft.com/en-us/library/security/4010983
Further details on how to obtain the update and instructions for install can be found on the .Net Core Blog: https://blogs.msdn.microsoft.com/dotnet/
Although we are so excited about cross platform development with our favourite tooling and embracing .Net Core, it keeps us mindful that we are still in the early stages of the journey and should consider carefully when choosing whether now is the right time to embark on a full blown production adoption for enterprise wide solutions.



Comments

  1. Hi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here. Kindly keep blogging. If anyone wants to become a .Net developer learn from .Net Core Training in Chennai. or learn thru .Net Core Training in Chennai.

    ReplyDelete
  2. Its very informative blog and useful article thank you for sharing with us , keep posting learn
    more about .NET Online Course Hyderabad

    ReplyDelete

Post a Comment

Popular posts from this blog

.Net TDD (Test Driven Development) by example - Part 1


Introduction In part 1 of this mini-series, we will develop a trivial business logic layer from scratch with a TDD approach with the goal of achieving the following:

Better code quality through Red, Green, RefactorDocumentation that grows as we develop and remains up to dateAutomatic regression test harness
This will primarily involve creating unit testsfirst, having them fail, making them pass and then refactoring the code to be of better quality and then re-running the tests. When using tools such as resharper to aid in refactoring code, having the tests in place right from the beginning really gives you peace of mind that you haven't broken anything. It also helps the thought processes while designing and developing an application or feature to be more targeted.

We will further develop the application in part 2 to add an MVC4 web client and continue the TDD story... 


Some BackgroundTest First or Test Driven development is a valuable software engineering practice. It c…

Azure Devops - Pull Request Merge Conflicts

Before a Git pull request can complete, any conflicts with the target branch must be resolved. Out of the box, at the time of writing this article, Azure DevOps requires this to be resolved locally. Following best practices to not allow direct commits to our release/master branches further exasperates the problem as we need to effectively clone the branch or go with a rebase approach, both of which break the natural flow of resolving the conflicts as part of the pull request.

With this extension, from the Microsoft DevLabs team via the Marketplace, you can resolve these conflicts online, as part of the pull request process, instead of being forced to break flow and resolve locally.




Online Experience After adding the extension the new conflicts tab is visible which enables conflict resolution in the familiar side by side review page as shown below:


Really nice extension, which should make resolving merge conflicts a much more straightforward part of the DevOps workflow. 

Additional - Ad…

Simple Git branching strategy for release cycles

Coming up with a branching strategy that works well can be challenging when working with multiple developers and managing release cycles. A simple approach is presented here to manage release cycles, with a small to medium sized team of developers while still being able to react to production issues and fix bugs. The primary goal being to isolate work streams without impacting development progress. BackgroundGit does not enforce any particular strategy when it comes to branching which is partly what makes it such a great and flexible repository. The problems start to arise though as you move into different stages of your development process. As an example, you have a release almost complete but don’t want to impede progress on the upcoming release cycle which is where the majority of effort is required. The Basic ApproachThe focus is around producing a release while still being able to react to hotfixes or production issues without impacting on going development of features. The branches…