From 9c24817b2aebd6afa926cc442a6a64398df28731 Mon Sep 17 00:00:00 2001 From: Rahul Bhandari Date: Tue, 11 May 2021 10:58:29 -0700 Subject: [PATCH 1/2] Update 5.0.6.md --- release-notes/5.0/5.0.6/5.0.6.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/release-notes/5.0/5.0.6/5.0.6.md b/release-notes/5.0/5.0.6/5.0.6.md index 742c0412b1..299ffa6f7c 100644 --- a/release-notes/5.0/5.0.6/5.0.6.md +++ b/release-notes/5.0/5.0.6/5.0.6.md 
@@ -53,24 +53,24 @@ You need [Visual Studio 16.8](https://visualstudio.microsoft.com) or later to us ## Notable Changes .NET 5.0.6 release carries both security and non-security fixes. -# Microsoft Security Advisory CVE-2021-31204 | .NET Core Elevation of Privilege Vulnerability - -Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. - -An elevation of privilage vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on Operating Systems based on Linux or macOS. - * [Blog Roundup][dotnet-blog] * [Known issues](../5.0-known-issues.md) * Resolves [NuGet package restore broken on .NET 5+ with Removal of Trust of Verisign CA](https://github.com/dotnet/announcements/issues/180) * .NET SDK 5.0.202 includes fixes to the runtime and Windows SDK projections with C#/WinRT v1.2.2, including several memory leak fixes. These fixes are for developers targeting a specific Windows SDK version in their project's `TargetFramework`. Refer to the C#/WinRT v1.2.2 [release notes](https://github.com/microsoft/CsWinRT/releases/tag/1.2.2.210413.1) for more details. - Release feature and bug lists:. * [Runtime](https://github.com/dotnet/runtime/issues?q=milestone%3A5.0.6+is%3Aclosed+label%3Aservicing-approved) * [ASP.NET Core](https://github.com/dotnet/aspnetcore/issues?q=milestone%3A5.0.6+is%3Aclosed+label%3Aservicing-approved) * [Winforms](https://github.com/dotnet/winforms/issues?q=milestone%3A5.0.6+is%3Aclosed+label%3Aservicing-approved) +### Microsoft Security Advisory CVE-2021-31204 | .NET Core Elevation of Privilege Vulnerability + +Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. 
This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. + +An elevation of privilage vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on Operating Systems based on Linux or macOS. + + ## Feedback From eb85bbf6eac5d33ab8660d03cfc9c79bf30da12f Mon Sep 17 00:00:00 2001 From: Rahul Bhandari Date: Tue, 11 May 2021 10:59:49 -0700 Subject: [PATCH 2/2] Update 3.1.15.md --- release-notes/3.1/3.1.15/3.1.15.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/release-notes/3.1/3.1.15/3.1.15.md b/release-notes/3.1/3.1.15/3.1.15.md index f7d71dedb7..37b077cf43 100644 --- a/release-notes/3.1/3.1.15/3.1.15.md +++ b/release-notes/3.1/3.1.15/3.1.15.md @@ -58,12 +58,6 @@ The following repos have been updated. .NET Core 3.1.15 release carries both security and non-security fixes. -# Microsoft Security Advisory CVE-2021-31204 | .NET Core Elevation of Privilege Vulnerability - -Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. - -An elevation of privilage vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on Operating Systems based on Linux or macOS. - * [Blog Roundup][dotnet-blog] * [Known issues](../3.1-known-issues.md) 
@@ -73,6 +67,13 @@ An elevation of privilage vulnerability exists in .NET 5.0 and .NET Core 3.1 whe * [ASP.NET](https://github.com/dotnet/aspnetcore/pulls?q=milestone%3A3.1.15+is%3Aclosed+label%3Aservicing-approved) * [Extensions](https://github.com/dotnet/extensions/pulls?q=milestone%3A3.1.15+is%3Aclosed+label%3Aservicing-approved) + +### Microsoft Security Advisory CVE-2021-31204 | .NET Core Elevation of Privilege Vulnerability + +Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. + +An elevation of privilage vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on Operating Systems based on Linux or macOS. + ## macOS Notarization Change Running "dotnet build" will generate a dll instead of a dylib on macOS. This is a planned change to not use the AppHost by default on macOS because of [notarization requirements](https://docs.microsoft.com/dotnet/core/install/macos-notarization-issues). If you want to opt into using the AppHost, add the following to your project file: ```
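Review bot: In the release-notes/5.0/5.0.6/5.0.6.md hunk (@@ -53,24 +53,24 @@), the re-added advisory paragraph still reads "An elevation of privilage vulnerability". Since the line is being re-added anyway, correct it to "privilege". The new section also states that the advisory "provides guidance on what developers can do to update their applications", but nothing follows it before "## Feedback": there is no link to the advisory and no statement of which release carries the fix. Add a link to the CVE-2021-31204 advisory, or state the update step, under the new "###" heading.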
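Review bot: The first release-notes/3.1/3.1.15/3.1.15.md hunk (@@ -58,12 +58,6 @@) leaves ".NET Core 3.1.15 release carries both security and non-security fixes." followed directly by the Blog Roundup and Known issues bullets, so the top of the section no longer names the security fix it announces. Consider adding a bullet to that list that names CVE-2021-31204 and points to the advisory section lower in the file, so a reader scanning the opening lines still sees it.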
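Review bot: In the second release-notes/3.1/3.1.15/3.1.15.md hunk (@@ -73,6 +67,13 @@), the added line "An elevation of privilage vulnerability exists in .NET 5.0 and .NET Core 3.1" carries the misspelling over from the removed text; change it to "privilege", and lowercase "Operating Systems" in the same sentence. The advisory text is now duplicated verbatim in both release-notes files, so make the same correction in 5.0.6.md to keep the two copies in sync.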