Yesterday, Microsoft released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service.
The vulnerability affects any Microsoft ASP.NET Core project if it uses the following affected package version.
Affected package and version
How do I know if I am affected?
ASP.NET Core has two different types of dependencies, direct and transitive. If your project has a direct or transitive dependency on Microsoft.AspNetCore.Mvc.Core version 1.1.0 you are affected.
Although we are so excited about cross platform development with our favourite tooling and embracing .Net Core, it keeps us mindful that we are still in the early stages of the journey and should consider carefully when choosing whether now is the right time to embark on a full blown production adoption for enterprise wide solutions.