.NET Core 1.0.8, 1.1.5 and SDK 1.1.5 are available for download and usage in your environment.
After installing the .NET Core SDK 1.1.5, the following command will show that you’re running version 1.1.5 of the tools.
dotnet --version
Your feedback is important and appreciated. We’ve created dotnet/core #1082 for your questions and comments.
Deployment of the November 2017 Update on Azure AppServices is in process. Because AppServices is a high availability service, the deployment is carefully staged across regions over a period of time. Availability will begin in the West US 2 region today and gradually expand to all regions over the next few days.
Microsoft is releasing security advisories for .NET Core and ASP.NET Core. Details can be found in corresponding announcements in the .NET Core and ASP.NET Core repos.
Microsoft is aware of a security vulnerability in .NET Core 1.0, 1.1 and 2.0 where a malformed certificate or other ASN.1 formatted data could lead to a denial of service via an infinite loop on Linux and macOS.
System administrators are advised to update their .NET Core runtimes to versions 1.0.8, 1.1.5 and 2.0.1. Developers are advised to update their .NET Core SDK to version 2.0.3 or 1.1.5.
Microsoft is aware of a security vulnerability in ASP.NET Core 1.0 and 1.1 where Cross-Origin Resource Sharing (CORS) can be bypassed, leading to information disclosure.
Microsoft is aware of a security vulnerability in ASP.NET Core 2.0 where an Open Redirect exists, leading to Elevation Of Privilege.
Microsoft is aware of a security vulnerability in ASP.NET Core 1.0, 1.1 and 2.0 where the application is hosted through Windows Http.Sys where a malformed request can lead to a Denial Of Service.
The .NET Core Docker images have been updated for this release. Look for the 1.1.5 images.
[54f1cf6] Port to 1.0.0 - Fix passing struct with four floats in registers via reflection (#14392)[0ddcf7e] Fix resource lookup recursion issue (#13948)[254df57] Remove FreeBSD 10.1/OpenSuSE 13.2 and Fedora 23 (#13634)[686812c] rel/1.0.0: Fix ECDsa ExportParameters segfault (#24458)[88f43c3] Remove EOL’d OS’s openSuSE 13.2 and Fedora 23 have been EOL’d and are no longer usable/upgradeable in CI. (#23621)[ec5640f] Fix handling of flock in FileStream on Unix (#23235)[e13c1b0] Packaging updates to service X509Certificates[47d95a6] Simplify X509Chain building with OpenSSL[a077f83] add apfs introduced by OSX 10.13[3af071c] Prevent crash when Openssl’s PKCS12_parse function fails.[2820bd8] Convert literals to hex literals in k-nucleotide-9[2278610] Fix resource lookup recursion issue (#13945)[ad68ca9] Remove EOL openSuSE 42.1 (#13691)[0cb88b8] Remove FreeBSD 10.1/OpenSuSE 13.2 and Fedora 23 (#13635)[0ac7078] Port of https://github.com/dotnet/coreclr/pull/12795 to release/1.1.0 (#12942)[aff7844] Fix ECDsa ExportParameters segfault[617d183] Remove EOL openSuSE 42.1 (#23682)[3d76b76] Update CoreClr, CoreFx to servicing-25629-01, servicing-25629-01, respectively[374c767] Remove EOL’d OS’s openSuSE 13.2 and Fedora 23 (#23622)[144bfd9] Packaging updates to service X509Certificates[3a3dda9] Simplify X509Chain building with OpenSSL[710d628] Put System.Net.Http for servicing.[3d2debc] add apfs introduced in osx 10.13