Secure your .NET cloud apps with rootless Linux Containers
This post was updated on April 12, 2024 to reflect the latest releases. Starting with .NET 8, all of our Linux container images will include a non-root user. You’ll be able to host your .NET...
Running non-root .NET containers with Kubernetes
This post was updated on April 25, 2024 to reflect the latest releases. Rootless or non-root Linux containers have been the most requested feature for the .NET container team. We recently announced...
What does Azure AD renamed Microsoft Entra ID mean for .NET developers?
You may have heard that one of the key announcements at Reimagine secure access with Microsoft Entra was that Azure Active Directory (Azure AD) is being renamed to Microsoft Entra ID as part of the...
HTTPS Everywhere Update
Mistakes were made. When we first published the plan for the effort of HTTPS everywhere, we wanted to get developer community feedback on the various HTTP and HTTPS scenarios that we don’t have much...
What’s new with identity in .NET 8
In April 2023, I wrote about the commitment by the ASP.NET Core team to improve authentication, authorization, and identity management in .NET 8. The plan we presented included three key deliverables:...
.NET Framework November 2023 Security and Quality Rollup
Revised 12/19/23: To add missing product versions of Windows Server 2012 and Windows Server 2012 R2. Revised 11/15/23: To remove CVE details which were not affected by the .NET Framework November...
Building a Safer Future – How NuGet is Tackling Software Supply Chain Threats
Despite significant technological progress in addressing complex security threats, the key to preventing the next attack lies in adhering to fundamental security principles. It’s essential to ensure...
NuGetAudit 2.0: Elevating Security and Trust in Package Management
Introduction: In November 2023 (NuGet 6.8, Visual Studio 17.8, .NET SDK 8.0.100), we released NuGet Audit. NuGet Audit provides warnings during restore when a package with a known vulnerability is used...
BinaryFormatter removed from .NET 9
Starting with .NET 9, we no longer include an implementation of BinaryFormatter in the runtime (.NET Framework remains unchanged). The APIs are still present, but their implementation always throws an...
OpenSSF Scorecard for .NET and the NuGet ecosystem
OpenSSF Scorecard is a tool developed by the Open Source Security Foundation (OpenSSF) that provides automated security assessments for open-source projects. The primary goal of the Scorecard project...