Versions of .NET

Release 1.0.15

  • Released on 2019-03-12
  • Runtime 1.0.15
  • SDK 1.1.13
  • ASP.NET Runtime 1.0.15
  • !Security

SDK 1.1.13

  • Visual Studio 15.0.22


Release notes


.NET Core March 2019 Update - March 12, 2019

.NET Core 1.0.15 is available for download and usage in your environment.

The .NET Core SDK 1.1.13 includes .NET Core 1.0.15 Runtime so downloading the runtime packages separately is not needed when installing the SDK. After installing the .NET Core SDK 1.1.13, running dotnet --version will show that you're running version 1.1.13 of the .NET Core tools.

Your feedback is important and appreciated. We've created an issue at dotnet/core #2432 for your questions and comments.

Docker Images

The .NET Core Docker images have been updated for this release. Look for the updated images for .NET Core 1.0.15 and .NET Core SDK 1.1.13 and read "Staying up-to-date with .NET Container Images" for details and insights into using the .NET Core images.

Azure AppServices

  • Deployment of .NET Core 1.0.15 to Azure App Services has begun. It will be available in limited regions today and expected worldwide by the end of the week.

.NET Core Lifecycle News

There are no changes this month in OS version support status.

.NET Core 1.0 and 1.1, which entered "Maintenance" support status when 2.1 was declared LTS, will be end-of-life June 27, 2019. Updates for the 1.0 and 1.1 channels will no longer be offered after that date. See .NET Core Support Policy to learn more about the .NET Core support lifecycle.

See .NET Core Supported OS Lifecycle Policy to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

Changes in 1.0.15

  • CVE-2019-0657: .NET Core NuGet Tampering Vulnerability

    A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.

    The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine.

    Affected Package and Binary updates

    Package name Vulnerable versions Secure versions
    Nuget.Packaging 4.3.0 4.3.1

Package and Binary updates

Package name Version
Microsoft.NETCore.App 1.0.15
Microsoft.NETCore.DotNetHostPolicy 1.0.15
Microsoft.NETCore.ILAsm 1.0.17
Microsoft.NETCore.ILDAsm 1.0.17
Microsoft.NETCore.Jit 1.0.17
Microsoft.NETCore.Runtime.CoreCLR 1.0.17
Microsoft.NETCore.Targets 1.0.7
Microsoft.Private.PackageBaseline 1.0.0-servicing-27415-03
runtime.any.System.Runtime 4.1.2
runtime.aot.System.Runtime 4.0.22
runtime.debian.8-x64.Microsoft.NETCore.DotNetHostPolicy 1.0.15
runtime.debian.8-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.debian.8-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.debian.8-x64.Microsoft.NETCore.Jit 1.0.17
runtime.debian.8-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.fedora.23-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.fedora.23-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.fedora.23-x64.Microsoft.NETCore.Jit 1.0.17
runtime.fedora.23-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.opensuse.13.2-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.opensuse.13.2-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.opensuse.13.2-x64.Microsoft.NETCore.Jit 1.0.17
runtime.opensuse.13.2-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.osx.10.10-x64.Microsoft.NETCore.DotNetHostPolicy 1.0.15
runtime.osx.10.10-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.osx.10.10-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.osx.10.10-x64.Microsoft.NETCore.Jit 1.0.17
runtime.osx.10.10-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.rhel.7-x64.Microsoft.NETCore.DotNetHostPolicy 1.0.15
runtime.rhel.7-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.rhel.7-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.rhel.7-x64.Microsoft.NETCore.Jit 1.0.17
runtime.rhel.7-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.ubuntu.14.04-x64.Microsoft.NETCore.DotNetHostPolicy 1.0.15
runtime.ubuntu.14.04-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.ubuntu.14.04-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.ubuntu.14.04-x64.Microsoft.NETCore.Jit 1.0.17
runtime.ubuntu.14.04-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.ubuntu.16.04-x64.Microsoft.NETCore.DotNetHostPolicy 1.0.15
runtime.ubuntu.16.04-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.ubuntu.16.04-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.ubuntu.16.04-x64.Microsoft.NETCore.Jit 1.0.17
runtime.ubuntu.16.04-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.unix.System.Private.Uri 4.0.4
runtime.unix.System.Runtime.Extensions 4.1.2 4.1.2
runtime.win7.System.Private.Uri 4.0.4
runtime.win7-x64.Microsoft.NETCore.DotNetHostPolicy 1.0.15
runtime.win7-x64.Microsoft.NETCore.ILAsm 1.0.17
runtime.win7-x64.Microsoft.NETCore.ILDAsm 1.0.17
runtime.win7-x64.Microsoft.NETCore.Jit 1.0.17
runtime.win7-x64.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
runtime.win7-x86.Microsoft.NETCore.DotNetHostPolicy 1.0.15
runtime.win7-x86.Microsoft.NETCore.ILAsm 1.0.17
runtime.win7-x86.Microsoft.NETCore.ILDAsm 1.0.17
runtime.win7-x86.Microsoft.NETCore.Jit 1.0.17
runtime.win7-x86.Microsoft.NETCore.Runtime.CoreCLR 1.0.17
System.Private.Uri 4.0.4
System.Runtime 4.1.2
System.Runtime.Extensions 4.1.2