.NET 8.0.0 RC 1 - September 12, 2023
The .NET 8.0.0 RC 1 and .NET SDK 8.0.100-rc.1.23463.5 releases are available for download. The latest 8.0 release is always listed at .NET 8.0 Releases.
.NET SDK 8.0.100-rc.1.23463.5 - September 14 2023
Today, we are releasing a new version of .NET SDK. This release suprecedes the .NET SDK 8.0.100-rc.1.23455.8
version. The .NET SDK 8.0.100-rc.1.23463.5
is available in Visual Studio 17.8 Preview 1.
This resolves an issue where the .NET SDK 8.0.100-rc.1.23455.8
did not recognize a new certificate in MAUI optional workload. This caused the workload install to fail when using the .NET CLI. Customers would see an error even though the package was correctly signed.
Failed to update the advertising manifest microsoft.net.sdk.maui: Failed to validate package signing.
Verifying Microsoft.NET.Sdk.Maui.Manifest-8.0.100-rc.1.Msi.x64.8.0.0-rc.1.9171
What's new in .NET 8 RC 1
.NET 8 is the next major release of .NET following .NET 7.0. You can see some of the new features available with .NET 8 RC 1 at dotnet/core #8439.
See the .NET and ASP.NET Core blogs for additional details. Here is list of some of the additions and updates we're excited to bring in RC 1.
Downloads
SDK Installer1 | SDK Binaries1 | Runtime Installer | Runtime Binaries | ASP.NET Core Runtime | Windows Desktop Runtime | ||
---|---|---|---|---|---|---|---|
Windows | x86 | x64 | Arm64 | x86 | x64 | Arm64 | x86 | x64 | Arm64 | x86 | x64 | Arm64 | x86 | x64 | Hosting Bundle2 |
x86 | x64 | Arm64 | |
macOS | x64 | ARM64 | x64 | ARM64 | x64 | ARM64 | x64 | ARM64 | x64 | ARM64 | - | 1 |
Linux | Snap and Package Manager | x64 | Arm | Arm64 | Arm32 Alpine | x64 Alpine | Packages (x64) | x64 | Arm | Arm64 | Arm32 Alpine | Arm64 Alpine | x64 Alpine | x641 | Arm1 | Arm641 | x64 Alpine | - | 1 |
Checksums | Checksums | Checksums | Checksums | Checksums | Checksums |
- Includes the .NET Runtime and ASP.NET Core Runtime
- For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Runtime.
The .NET SDK includes a matching updated .NET Runtime. Downloading the Runtime or ASP.NET Core packages is not needed when installing the SDK.
You can check your .NET SDK version by running the following command. The example version shown is for this release.
$ dotnet --version
8.0.100-rc.1.23463.5
.NET Multi-Platform App UI (MAUI) Workload Downloads
After installing the .NET SDK, you can install .NET MAUI using the dotnet workload install
command:
$ dotnet workload install maui
The following workloads are also available to install individually:
$ dotnet workload install android
$ dotnet workload install ios
$ dotnet workload install maccatalyst
$ dotnet workload install macos
$ dotnet workload install tvos
Docker Images
The .NET Docker images have been updated for this release. The .NET Docker samples show various ways to use .NET and Docker together. You can use the following command to try running the latest .NET 8.0 release in containers:
docker run --rm mcr.microsoft.com/dotnet/samples
The following repos have been updated.
- dotnet/sdk: .NET SDK
- dotnet/aspnet: ASP.NET Core Runtime
- dotnet/runtime: .NET Runtime
- dotnet/runtime-deps: .NET Runtime Dependencies
- dotnet/samples: .NET Samples
Visual Studio Compatibility
You need Visual Studio 17.7 latest preview to use .NET 8.0 on Windows. Visual Studio for Mac 17.6.1 now supports .NET 8.0 Previews. Users can separately install the .NET 8 SDK and enable a preview feature in Preferences to enable the IDE to discover and use the .NET 8 SDK for creating, loading, building, and debugging projects.
Notable Fixes
.NET 8.0 RC 1 carries security fixes
Note: The vulnerabilities CVE-2023-36792, CVE-2023-36793, CVE-2023-36792, CVE-2023-36796 are all resolved by a single patch. Get this update to resolve all of them.
CVE-2023-36792 - .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.
CVE-2023-36793 - .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.
CVE-2023-36794 - .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.
CVE-2023-36796 - .NET Remote Code Execution Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.
CVE-2023-36799 - .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A vulnerability exists in .NET where reading a maliciously crafted X.509 certificate may result in Denial of Service. This issue only affects Linux systems.
Feedback
Your feedback is important and appreciated. We've created an issue at dotnet/core #8759 for your questions and comments.