Merge pull request #2556 from dotnet/leecow-patch

add sec content to 2.2.4 rel notes
Lee Coward 2019-04-09 12:15:09 -07:00 committed by GitHub
commit b8c9b5aa4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -56,6 +56,13 @@ See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blo
.NET Core 2.2.4 release carries both security and non-security fixes.
### Microsoft Security Advisory CVE-2019-0815: ASP.NET Core denial of service vulnerability
[aspnet/Announcements#352](https://github.com/aspnet/Announcements/issues/352)
Microsoft is releasing this security advisory to provide information about a vulnerability in public ASP.NET Core 2.2. This advisory also provides guidance on what developers can do to update their applications correctly.
Microsoft is aware of a security vulnerability in all public versions of ASP.NET Core where, if an application is hosted on Internet Information Server (IIS) a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service. The security update addresses the vulnerability by ensuring the IIS worker process does not crash in response to specially crafted requests.
### Additional fixes in this release
* [CoreCLR](https://github.com/dotnet/coreclr/issues?utf8=%E2%9C%93&q=milestone%3A2.2.4+label%3Aservicing-approved)
* [CoreFX](https://github.com/dotnet/corefx/issues?utf8=%E2%9C%93&q=milestone:2.2.4+label:servicing-approved)
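Review bot: The second advisory paragraph under the CVE-2019-0815 heading has a broken sentence and the two paragraphs disagree on scope. "a remote unauthenticated attacker can use a specially crafted request can cause a Denial of Service" has two verbs; suggest "can use a specially crafted request to cause a denial of service", with a comma after "(IIS)". The first paragraph says the vulnerability is in "public ASP.NET Core 2.2" while the second says "all public versions of ASP.NET Core"; state the affected versions once and consistently so readers on other versions can tell whether they need to update. IIS is expanded as "Internet Information Server"; the product name is Internet Information Services. The text also promises "guidance on what developers can do to update their applications" but gives none beyond the aspnet/Announcements#352 link, so either say explicitly that the guidance is in the linked announcement or add a sentence on the required update here.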