We just released an update for ASP.NET Core 1.1 due to Microsoft Security Advisory 4010983
. The advisory is for a vulnerability in ASP.NET Core MVC 1.1.0 that could allow denial of service. All of the information you need is in the advisory. A short summary is provided below.
Red Hat customers should consult the Red Hat advisory
for the same issue.
How to Obtain the Update
The update is in the Microsoft.AspNetCore.Mvc.Core package
. You need to upgrade your project to use version 1.1.1 (or later) of the package and then re-publish your application.
See below for examples of project file updates, for project.json and csproj formats. Note the updated Microsoft.AspNetCore.Mvc.Core package version.
The dependencies section of an updated project.json file would look like the following (in its most minimal form).
An updated csproj file would look like the following (in its most minimal form):
<PackageReference Include="Microsoft.AspNetCore" Version="1.1.0" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="1.1.1" />