.NET Core 2.1.4 is available for [download](2.1.4-download.md) and usage in your environment. This release includes .NET Core 2.1.4, ASP.NET Core 2.1.4 and .NET Core SDK 2.1.402. All fixes of note can be seen in the [2.1.4 commits](2.1.4-commits.md) list.
Visit the [.NET Core blog][dotnet-blog] to read more about this release. Your feedback is important and appreciated. We've created an issue at [dotnet/core #1932](https://github.com/dotnet/core/issues/1932) for your questions and comments.
\* Includes the .NET Core and ASP.NET Core runtimes
### Docker Images
The [.NET Core Docker images](https://hub.docker.com/r/microsoft/dotnet/) have been updated for this release. Details on our Docker versioning and how to work with the images can be seen in ["Staying up-to-date with .NET Container Images"](https://blogs.msdn.microsoft.com/dotnet/2018/06/18/staying-up-to-date-with-net-container-images/).
* Deployment of .NET Core 2.1.4 to Azure App Services will begin on today, September 11, 2018. Deployment will proceed to additional regions and is expected to be complete by the end of the week.
## .NET Core Lifecycle News
See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blob/master/os-lifecycle-policy.md) to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.
### Supported Linux version changes
No changes in support for September.
## Notable Changes in 2.1.4
### [CVE-2018-8409: .NET Core Denial Of Service Vulnerability](https://github.com/dotnet/Announcements/issues/83)
**Executive summary**
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a denial of service vulnerability in .NET Core when System.IO.Pipelines improperly handles requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an application that is leveraging System.IO.Pipelines. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by providing specially crafted requests to the application.
The update addresses the vulnerability by correcting how System.IO.Pipelines handles requests.
#### Package and Binary updates
| Package name | Vulnerable versions | Secure versions |
| :--- | :--- | :--- |
System.IO.Pipelines | 4.5.0 | 4.5.1 |
### [CVE-2018-8409: ASP.NET Core Denial Of Service Vulnerability](https://github.com/aspnet/Announcements/issues/316)
**Executive summary**
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a denial of service vulnerability when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by providing a specially crafted web requests to the ASP.NET Core application.
The update addresses the vulnerability by correcting how ASP.NET Core handles parsing web requests.
#### Package and Binary updates
| Package name | Vulnerable versions | Secure versions |