.NET November 2023 Updates – .NET 7.0.14, .NET 6.0.25

Brink · Nov 14, 2023

Today, we are releasing the .NET November 2023 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 7.0.14 and 6.0.25 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Installers and binaries: 7.0.14 | 6.0.25

Release notes: 7.0.14 | 6.0.25

Container images

Linux packages: 7.0.14 | 6.0.25

Release feedback/issue

Known issues: 7.0 | 6.0

Windows Package Manager CLI (winget)
You can now install .NET updates using the Windows Package Manager CLI (winget):

To install the .NET 7 runtime: winget install dotnet-runtime-7

To install the .NET 7 SDK: winget install dotnet-sdk-7

To update an existing installation: winget upgrade

See Install with Windows Package Manager (winget) for more information.

Security
CVE-2023-36049 – .NET Elevation of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

An elevation of privilege vulnerability exists in .NET where untrusted URIs provided to System.Net.WebRequest.Create can be used to inject arbitrary commands to backend FTP servers.

CVE-2023-36558 – .NET Security Feature Bypass Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0 and, ASP.NET Core 8.0 RC2. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A security feature bypass vulnerability exists in ASP.NET where an unauthenticated user is able to bypass validation on Blazor server forms which could trigger unintended actions.

Visual Studio
See release notes for Visual Studio compatibility for .NET 7.0 and .NET 6.0.