core

.NET Core 2.2.3 Update - March 12, 2019

.NET Core 2.2.3 is available for download and usage in your environment. This release includes .NET Core 2.2.3, ASP.NET Core 2.2.3 and .NET Core SDK 2.2.105.

• Blog Post
• Downloads
• Changes in this release
• .NET Core Lifecycle News
• Known Issues

We’ve created an issue at dotnet/core #2432 for your questions and comments.

Downloads

	SDK Installer1	SDK Binaries1	Runtime Installer	Runtime Binaries	ASP.NET Core Runtime
Windows	x86 | x64	x86 | x64	x86 | x64	x86 | x64	x86 | x64 Hosting Bundle2
macOS	x64	x64	x64	x64	x641
Linux	See installations steps below	x64 | ARM | ARM64 | x64 Alpine	-	x64 | ARM | ARM64 | x64 Alpine]	x641 | ARM321 | x64 Alpine1
RHEL6	-	x64	-	x64	-
Checksums	SDK	-	Runtime	-	-
Symbols	CLI | SDK	-	Runtime | Shared Framework | Setup	-	ASP.NET Core

1. Includes the .NET Core and ASP.NET Core Runtimes
2. For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Core runtime.

Docker Images

The .NET Core Docker images have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in “Staying up-to-date with .NET Container Images”.

The following repos have been updated

• microsoft/dotnet
• microsoft/dotnet-samples

Azure AppServices

• .NET Core 2.2.3 is being deployed to Azure App Services and the deployment is expected to complete in a couple of days.

.NET Core Lifecycle News

There are no changes this month in OS version support status.

.NET Core 1.0 and 1.1, which entered “Maintenance” support status when 2.1 was declared LTS, will be end-of-life June 27, 2019. Updates for the 1.0 and 1.1 channels will no longer be offered after that date. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.

See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

Changes in 2.2.3

.NET Core 2.2.3 release carries both security and non-security fixes.

• CVE-2019-0657: .NET Core NuGet Tampering Vulnerability

  A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.

  The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine.

  Affected Package and Binary updates

  Package name	Vulnerable versions	Secure versions
  Nuget.Packaging	4.9.0 – 4.9.3	4.9.4

Additional fixes in this release

• CoreCLR
• CoreFX
• ASP.NETCore
• EntityFrameworkCore

Packages updated in this release:

Package name	Version
dotnet-ef	2.2.3
Microsoft.AspNetCore.All	2.2.3
Microsoft.AspNetCore.App	2.2.3
Microsoft.Data.Sqlite	2.2.3
Microsoft.Data.Sqlite.Core	2.2.3
Microsoft.DotNet.Web.Client.ItemTemplates	2.2.3
Microsoft.DotNet.Web.ItemTemplates	2.2.3
Microsoft.DotNet.Web.ProjectTemplates.2.2	2.2.3
Microsoft.DotNet.Web.Spa.ProjectTemplates	2.2.3
Microsoft.EntityFrameworkCore	2.2.3
Microsoft.EntityFrameworkCore.Abstractions	2.2.3
Microsoft.EntityFrameworkCore.Analyzers	2.2.3
Microsoft.EntityFrameworkCore.Design	2.2.3
Microsoft.EntityFrameworkCore.InMemory	2.2.3
Microsoft.EntityFrameworkCore.Proxies	2.2.3
Microsoft.EntityFrameworkCore.Relational	2.2.3
Microsoft.EntityFrameworkCore.Relational.Specification.Tests	2.2.3
Microsoft.EntityFrameworkCore.Specification.Tests	2.2.3
Microsoft.EntityFrameworkCore.Sqlite	2.2.3
Microsoft.EntityFrameworkCore.Sqlite.Core	2.2.3
Microsoft.EntityFrameworkCore.Sqlite.NetTopologySuite	2.2.3
Microsoft.EntityFrameworkCore.SqlServer	2.2.3
Microsoft.EntityFrameworkCore.SqlServer.NetTopologySuite	2.2.3
Microsoft.EntityFrameworkCore.Tools	2.2.3
Microsoft.NET.Build.Extensions	2.2.101
Microsoft.NET.Sdk	2.2.101
Microsoft.NETCore.App	2.2.3
Microsoft.NETCore.DotNetAppHost	2.2.3
Microsoft.NETCore.DotNetHost	2.2.3
Microsoft.NETCore.DotNetHostPolicy	2.2.3
Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.linux-arm.Microsoft.NETCore.App	2.2.3
runtime.linux-arm.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.linux-arm.Microsoft.NETCore.DotNetHost	2.2.3
runtime.linux-arm.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.linux-arm.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.linux-arm64.Microsoft.NETCore.App	2.2.3
runtime.linux-arm64.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.linux-arm64.Microsoft.NETCore.DotNetHost	2.2.3
runtime.linux-arm64.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.linux-arm64.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.linux-musl-x64.Microsoft.NETCore.App	2.2.3
runtime.linux-musl-x64.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHost	2.2.3
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.linux-musl-x64.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.linux-x64.Microsoft.NETCore.App	2.2.3
runtime.linux-x64.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.linux-x64.Microsoft.NETCore.DotNetHost	2.2.3
runtime.linux-x64.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.linux-x64.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.osx-x64.Microsoft.NETCore.App	2.2.3
runtime.osx-x64.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.osx-x64.Microsoft.NETCore.DotNetHost	2.2.3
runtime.osx-x64.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.osx-x64.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.rhel.6-x64.Microsoft.NETCore.App	2.2.3
runtime.rhel.6-x64.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHost	2.2.3
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.rhel.6-x64.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.win-arm.Microsoft.NETCore.App	2.2.3
runtime.win-arm.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.win-arm.Microsoft.NETCore.DotNetHost	2.2.3
runtime.win-arm.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.win-arm.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.win-arm64.Microsoft.NETCore.App	2.2.3
runtime.win-arm64.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.win-arm64.Microsoft.NETCore.DotNetHost	2.2.3
runtime.win-arm64.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.win-arm64.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.win-x64.Microsoft.NETCore.App	2.2.3
runtime.win-x64.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.win-x64.Microsoft.NETCore.DotNetHost	2.2.3
runtime.win-x64.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.win-x64.Microsoft.NETCore.DotNetHostResolver	2.2.3
runtime.win-x86.Microsoft.NETCore.App	2.2.3
runtime.win-x86.Microsoft.NETCore.DotNetAppHost	2.2.3
runtime.win-x86.Microsoft.NETCore.DotNetHost	2.2.3
runtime.win-x86.Microsoft.NETCore.DotNetHostPolicy	2.2.3
runtime.win-x86.Microsoft.NETCore.DotNetHostResolver	2.2.3

This site is open source. Improve this page.