Add Jan/Feb 24 .NET Framework Release Notes #39757
Conversation
Migrate the .NET Framework release update from blog posts to release notes in Microsoft Learn.
TaraOverfield
requested review from
richlander,
Lxiamail,
csnellgrove1-zz and
gewarren
|
@TaraOverfield Is this ready for review? |
docs/framework/Release-Notes/01-January-Preview-of-Quality-Rollup
Outdated
Show resolved
Hide resolved
docs/framework/Release-Notes/01-January-Preview-of-Quality-Rollup
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,18 @@ | |||
| ## How to Get Security and Quality Rollup .NET Framework updates: | |||
There was a problem hiding this comment.
Why don't these files have file extensions? They should be .md files. Otherwise, they won't render properly, nor will we get good markdown linting.
docs/framework/Release-Notes/01-January-Security-and-Quality-Rollup
Outdated
Show resolved
Hide resolved
Co-authored-by: Rich Lander <[email protected]>
Html-to-markdown-feb-releasenotes
There was a problem hiding this comment.
The "How to Get Security Only Update for .NET Framework:" is dup of "How to Get Security and Quality Update for .NET Framework:" I would expect security only update specific guide.
| This security update addresses a security feature bypass vulnerability detailed in <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-0056" rel="nofollow">CVE 2024-0056</a>. | ||
|
|
||
| <h5>CVE-2024-0057 – .NET Framework Security Feature Vulnerability</h5> | ||
| Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 . This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. |
There was a problem hiding this comment.
This is .NET Core specific info, shouldn't be in .NET Framework post.
| <h5>CVE-2024-0056 – .NET Framework Security Feature Bypass Vulnerability</h5> | ||
| Microsoft is releasing this security advisory to provide information about a vulnerability in .NET's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. | ||
|
|
||
| A vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to steal authentication credentials intended for the database server, even if the connection is established over an encrypted channel like TLS. |
There was a problem hiding this comment.
Looks like there are additional explanation added to two of the security fixes comparing with the original 2024 January blog post (https://devblogs.microsoft.com/dotnet/dotnet-framework-january-2024-security-and-quality-rollup/). Is that intentional?
| @@ -0,0 +1,57 @@ | |||
| <h2>January Preview of Quality Rollup</h2> | |||
| <italics> released January 24, 2024</italics> | |||
There was a problem hiding this comment.
The title is different from previous blog post's title ".NET Framework January 2024 Cumulative Update Preview" (https://devblogs.microsoft.com/dotnet/dotnet-framework-january-2024-cumulative-update-preview/). Is that intentional? Why was the change?
| @@ -0,0 +1,298 @@ | |||
| <h2>January Security and Quality Rollup</h2> | |||
There was a problem hiding this comment.
Can we make the preview post after the security and quality post in the same month so that the posts are in the release sequence?
|
@jamesmontemagno @richlander @Lxiamail @gewarren Is this still relevant? Or should it be closed? (Feb was quite a while ago) |
|
Feel free to reopen if you're still working on this. |
Migrate the .NET Framework release update from blog posts to release notes in Microsoft Learn.
Summary
Describe your changes here.
Fixes #Issue_Number (if available)
Internal previews