This release includes critical security and reliability updates to improve the quality of .NET Core. The latest releases can be found on the [.NET Core download pages](https://www.microsoft.com/net/download/core#/runtime) or from the following.
The .NET Core SDK 1.0.4 includes .NET Core 1.0.5 and 1.1.2 runtimes so downloading the runtime packages separately is not needed when installing the SDK.
Details regarding the security issues addressed by this release can be seen in the [Security Advisory announcement](https://github.com/dotnet/announcements/issues/12).
* [`[ed4a5c8b97]`](https://github.com/dotnet/corefx/commit/ed4a5c8b97) Adding updates to packages to update SqlClient in the 1.1.x release (#17635)
* [`[Microsoft Common Vulnerabilities and Exposures CVE-2017-0248]`](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0248) Fix for a security feature bypass vulnerability when .NET Core components do not completely validate certificates.
* [`[Microsoft Common Vulnerabilities and Exposures CVE-2017-0247]`](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0247) .NET Core HTML Encode Unicode Multibyte Vulnerability (System.Text.Encodings.Web) - this is not part of Shared Framework.
### ASP.NET Core
* Please see the [ASP.NET Core release page](https://github.com/aspnet/home/releases/1.1.2) for details on fixes from ASP.NET Core, MVC, Entity Framework Core and others.