Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and .NET native version 2.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a denial of service vulnerability that exists when .NET Framework and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework, .NET Core, or .NET native application.
The update addresses the vulnerability by correcting how .NET Framework, .NET Core, and .NET native applications handle XML document processing.
If your application is an ASP.NET Core application, developers are also advised to update to ASP.NET Core 2.0.8.
.NET Core 2.1 RC 1 includes these fixes. No update is required for .NET Core 2.1 RC 1.
You can always download the latest version of .NET Core at .NET Downloads.
.NET Docker images have been updated for today’s release. The following repos have been updated.
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.
The last few .NET Core updates follow: