Security Advisory Notices
CVE-2019-1077 Visual Studio Extension Auto Update Vulnerability
An elevation of privilege vulnerability exists when the Visual Studio Extension auto-update process improperly performs certain file operations. An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by securing locations the Visual Studio Extension auto-update performs file operations in.
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
The security update addresses the vulnerability by correcting how ASP.NET Core parses URLs. Details can be found in the .NET Core release notes.
CVE-2019-1113 WorkflowDesigner XOML deserialization allows code execution
A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. There is now a restriction on what types are allowed to be used in XOML files. If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.
For further information, please refer to https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml.
طراحی دو صفحهای وب با React
In this post, we’ll look at how we can use one of the most popular libraries, React, to build a foldable web experience.
Response Caching در ASP.NET Core 1.1
With the ASP.NET Core 1.1 release, many new features were introduced. One of them was enabling gZip compression and today we will take a look at another new feature which is Response Caching Middleware.
- Custom tasks with default contextType via tasks.vs.json are broken in Open Folder.
- No snapshot created for C++ native code in Memory Usage tool in the Diagnostic Tools window while debugging.
- Crash in VS 16.1.0 when pressing the link "search online".
- Fixed the issue where sometimes certain features (i.e. Find All References) in LiveShare guest session do not work.
- Fixed an issue where the devenv.exe process could hang around after shutdown of Visual Studio for up to 30 seconds.
A 2016 study found that the economic impact of Daylight Saving , due to increased heart attacks, workplace accidents and cyberloafing (slacking off at work!) cost the US economy $434 million each year, there are a great many others that present similar evidence.
In 2019 the European Union voted to abolish daylight saving in 2021, similarly the “Sunshine Protection Act of 2021” is gaining traction in the US. Over the next decade I feel quite sure that most of the globe will reject daylight saving entirely.
This is a guide on how to make requests to a protected resource using Client Credentials with the IdentityServer4.Contrib.HttpClientService nuget package. The library is actually an HttpClient
service that makes it easy to make authenticated and resilient HTTP requests to .protected by IdentityServer4 resource
کتابخانه Scroll to Style
scrollToStyle is a versatile tool that lets you manage CSS properties of elements using the page scroll.
You will be able to compel the elements move, change their size, color, opacity, background and many other properties.
Features:
- Management absolutely all the properties of a numeric value
- Browser Support depends only on selected properties
- It manages multiple properties of the same element
- Management fractional property values and control the number of decimal places
- Fixing of the screen during an animation
- Animation range control