• Visual Studio hangs when opening certain JSON files.
• Visual Studio 2019 Preview crashing and restarting when editing cshtml file. 

Fixed In This Release of Visual Studio 2019 version 16.5

• Modified the find "List View" to work with the VsColorOutput extension.
• Fixed a regression introduced with version 16.5 where use of default indexed properties with value-types caused an internal compiler error.
• Modified find in files to preserve user settings between Visual Studio 2019 sessions.
• Fixed an issue where Goto next/previous entry failed to work in the find results list when "preview selected files in find results" is turned off.
• Fixed an issue with find when doing a regex search a pattern that did not contain regex special characters.
• Fixed the button placement in find in files tool window when its in a docked position. Changed alignments for better experience in docked mode.
• Fixed an issue where the find list view did not navigate to results when enter was hit.
• Fixed an issue where Goto next/previous entry failed to work in the find results list when "preview selected files in find results" is turned off.

Security Advisory Notice

CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability
CVE-2020-0900  Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
CVE-2020-5260  Git for Visual Studio Credential Leak Vulnerability due to insufficient validation on URLs

Summary of Notable New Features in 15.9

• You can now import and export an installation configuration file that specifies which workloads and components should be installed with an instance of Visual Studio.
• We have improved the debugging experience for NuGet packages using the new symbol package format (.snupkg).
• Step back in debugger is now available in C++ for Enterprise customers.
• C++ IntelliSense now responds to changes in the remote environment for both CMake and MSBuild projects targeting Linux.
• We have made updates to UWP Desktop Bridge framework packages and added support for ARM64 C++ Native Desktop scenarios.
• We added support for the range-v3 library with the MSVC 15.9 compiler.
• We fixed several bugs in the F# compiler and F# tools.
• Language service support for new TypeScript features for semantic file renaming and project references.
• Improved Node.js development by updating Vue.js templates and adding support for unit testing using the Jest framework.
• We added SharePoint 2019 project templates, so you can migrate existing SharePoint 2013 and 2016 projects to SharePoint 2019.
• Visual Studio Tools for Xamarin now supports Xcode 10.
• We made improvements to the Xamarin.Android build performance.
• We have added and improved features for Universal Windows Platform developers, including ARM64 support, the latest preview SDK, better debugging of Desktop Bridge applications, and XAML Designer improvements.
• Substantial improvements were made to the experience of using authenticated package feeds.
• There is now support for lock file to enable repeatable restore for PackageReference based projects.
• We have added support for the new license format for NuGet packages.
• We have introduced NuGet client policies in Visual Studio which enables you to lock down environments such that only trusted packages can be installed.
• We made the use of .NET Core within Visual Studio more predictable.

Top Issues Fixed in 15.9

• No way to change "Find All References" background color.
• "Visual C++ Resource Editor Package" load failed.
• VS2017 v15.8 Build does not start if XAML files are not manually saved first.
• Installation failed - manifest signature verification failed.
• Update 15.8.6 breaks Installer Projects.
• Scrolling up with the arrow key causes Visual Studio to page up.
• After updating to 15.8.1, data tip does not show when debugging.
• System.InvalidProgramException: Common Language Runtime detected an invalid program..
• Solution Explorer does not remain pinned after closing Visual Studio.
• Navigation bar in editor has trouble handling long method names. 

In Visual Studio 2013, there were a handful of templates that supported developing ASP.NET projects with various frameworks and data structures.  Some of those project templates from the Visual Studio 2012 era have been removed from the Visual Studio 2015 install and added to the Visual Studio Extension gallery as the ASP.NET Project Templates extension for Visual Studio 2015. 

Porting existing code to .NET Core used to be quite hard because the available API set was very small. In .NET Core 2.0, we already made this much easier, thanks to .NET Standard 2.0. Today, we’re happy to announce that we made it even easier with the Windows Compatibility Pack, which provides access to an additional 20,000 APIs via a single NuGet package. 

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with HMAC algorithm) or a public/private key pair using RSA. 

Security Advisory Notices

CVE-2019-1077 Visual Studio Extension Auto Update Vulnerability

An elevation of privilege vulnerability exists when the Visual Studio Extension auto-update process improperly performs certain file operations. An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by securing locations the Visual Studio Extension auto-update performs file operations in.

CVE-2019-1075 ASP.NET Core Spoofing Vulnerability

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.

The security update addresses the vulnerability by correcting how ASP.NET Core parses URLs. Details can be found in the .NET Core release notes.

CVE-2019-1113 WorkflowDesigner XOML deserialization allows code execution

A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. There is now a restriction on what types are allowed to be used in XOML files. If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.

For further information, please refer to https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml.

• We added support to change installation locations.
• You can Save All your pending changes before you start your update.
• The update dialog provides you even more details about your update during installation.
• C# 7.3 is included in Visual Studio version 15.7.
• We improved solution load time for C# and VB projects.
• We made numerous updates to F# and its tools, with a focus on performance.
• We reduced the time to enable IntelliSense for large .NET Core projects by 25%.
• We made Quick Info improvements and new .NET refactorings like convert for-to-foreach and make private fields readonly.
• We added the ability to publish ASP.NET Core applications to App Service Linux without containers.
• Live Unit Testing works with embedded pdbs and supports projects that use reference assemblies.
• The Test Explorer has more responsive icons during test runs.
• C++ developers can use CodeLens for unit testing.
• We added new rules enforcing items from the C++ Core Guidelines.
• Debugging large solutions with /Debug:fastlink PDBs is more robust.
• CMake integration supports CMake 3.11 and static analysis.
• Python projects support type hints in IntelliSense, and a Run MyPy command has been added to look for typing errors in your code.
• Conda environments are supported in Python projects.
• We added a next version of our Python debugger based on the popular open source pydevd debugger.
• TypeScript 2.8 is included in Visual Studio version 15.7.
• We improved Kestrel HTTPs support during debugging.
• We added support for JavaScript debugging with Microsoft Edge.
• The Debugger supports VSTS and GitHub Authentication for Source Link.
• IntelliTrace’s step-back debugging feature is supported for debugging .NET Core projects.
• We added IntelliTrace support for taking snapshots on exceptions.
• We removed the blocking modal dialog from branch checkouts in Git when a solution or project reload is not required.
• There is an option to choose between OpenSSL and SChannel in Git.
• You can create and associate Azure Key Vaults from within the Visual Studio IDE.
• Visual Studio Tools for Xamarin can automatically install missing Android API levels required by Xamarin.Android projects.
• The Xamarin.Forms XAML editor provides IntelliSense and quick fixes for conditional XAML.
• We added support for Azure, UWP, and additional project types in Visual Studio Build Tools.
• You can create build servers without installing all of Visual Studio.
• The Windows 10 April 2018 Update SDK - Build 17134 is the default required SDK for the Universal Windows Platform development workload.
• We added support for Visual State Management for all UWP apps and more.
• We enabled automatic updates for sideloaded APPX packages.
• You have new tools for migrating to NuGet PackageReference.
• We added support for NuGet package signatures.
• We added Service Fabric Tooling for the 6.2 Service Fabric release.
• We updated Entity Framework Tools to work with the EF 6.2 runtime and to improve reverse engineering of existing databases.