React، آیبیام جدید است!
#C یا زبانهای دیگر !
Security Advisory Notices
CVE-2019-1077 Visual Studio Extension Auto Update Vulnerability
An elevation of privilege vulnerability exists when the Visual Studio Extension auto-update process improperly performs certain file operations. An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by securing locations the Visual Studio Extension auto-update performs file operations in.
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
The security update addresses the vulnerability by correcting how ASP.NET Core parses URLs. Details can be found in the .NET Core release notes.
CVE-2019-1113 WorkflowDesigner XOML deserialization allows code execution
A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. There is now a restriction on what types are allowed to be used in XOML files. If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.
For further information, please refer to https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml.
The first version of ASP.NET was released 17 years ago and during these years, it is fascinating to see how the ASP.NET team constructively reacted through these years to the major shifts happening on the web. Initially a platform that was closed and tried to hide and abstract the web; ASP.NET has metamorphized into an open source and cross platform - one that fully embraces the nature of the web. This is the first part of a series of 3 articles that will cover the history of ASP.NET from its launch to the latest ASP.NET Core releases.
خلاصه اشتراکهای روز چهار شنبه 18 آبان 1390
یک نگاهی به لینک بالا ندازید لطفا
سری آموزشی Git و GitHub
Git and GitHub for Poets
11 videos
Learning Objectives:
* Understand the concept of version control.
* Understand the difference between git software and GitHub the website.
* Understand terminology: branch, fork, merge, pull, push, remote
* Make your first pull request to a git repository on GitHub.
Security Advisory Notice for 16.6.2
CVE-2020-1108 / CVE-2020-1108.NET Core Denial of Service Vulnerability
To comprehensively address CVE-2020-1108, Microsoft has released updates for .NET Core 2.1 and .NET Core 3.1. Customers who use any of these versions of .NET Core should install the latest version of .NET Core. See the Release Notes for the latest version numbers and instructions for updating .NET Core.
CVE-2020-1202 / CVE-2020-1203 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fails to properly handle objects in memory.
CVE-2020-1293 / CVE-2020-1278 / CVE-2020-1257 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations
Top Issues Fixed in Visual Studio 2019 version 16.6.2
- Visual Studio 2019 16.60 hang at run or build when modified not saved in C++/CLI project
- An unhandled exception of type 'System.NullReferenceException' occurred in Microsoft.VisualStudio.DesignTools.WpfTap.dll
- Recurring null reference when reopening documents
- "Create new project" dialog search does not find templates for third-party language providers
- IntelliSense shows that "tilde-slash" (~/) points to ASP .NET Core 3.1 project root instread of wwwroot subfolder after upgrading Visual Studio Enterprise 16.5.6->16.6.0
- Fixed a compiler error (error C2475: redefinition; 'constexpr' specifier mismatch) affecting std::atomic when compiled as C++/CX in C++17 mode.
- URL completion values and format was fixed in Razor views. App-relative URL format is now used again and the values in the URL completion list show files and folders rooted under app root, i.e. wwwroot.
- Fixed a crash when using snippets.
- Restore item templates that could be hidden by extensions.
<div condition="Model.Approved"> <p> This website has <strong surround="em">@Model.Approved</strong> been approved yet. Visit www.contoso.com for more information. </p> </div> <div condition="!User.Identity.IsAuthenticated">I'm not a valid user</div> <div condition="User.Identity.IsAuthenticated">I can use the system</div>
1.Visual Studio 2017 15.7 منتشر شد
These are the customer-reported issues addressed in 15.7.1:
- This release includes a fix that reduces memory usage and GC pressure during solution load.
Microsoft Security Advisory for .NET Core Denial Of Service Vulnerability
CVE-2018-0765
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core and .NET native version 2.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a denial of service vulnerability that exists when .NET Framework and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework, .NET Core, or .NET native application.
The update addresses the vulnerability by correcting how .NET Framework, .NET Core, and .NET native applications handle XML document processing.
If your application is an ASP.NET Core application, developers are also advised to update to ASP.NET Core 2.0.8.