.NET October 2024 Update - .NET 8.0.10, .NET 6.0.35

[rbhanda]

.NET October 2024 Update

Release Notes

• 8.0.10
• 6.0.35

Status

Asset Type	8.0.10	6.0.35	Notes
Installers/Binaries	✅	✅
Snaps	✅	✅
Linux Packages (Microsoft distribution)			The list below refers to the Microsoft-provisioned feeds (packages.microsoft.com) and does not in any way represent direct availability in distros (eg RHEL, Fedora).
Centos 7	NA
Centos 8
Debian 10
Debian 11
Debian 12
Fedora 37
Fedora 38
Fedora 39
Fedora 40
OpenSUSE 15
Ubuntu 20.04
Ubuntu 22.04
Ubuntu 23.04
Ubuntu 24.04

Issues

Please report any issues you find either by responding to this issue, creating a new issue or creating a new issue in one of the following repos:

• ASP.NET Core: dotnet/aspnetcore
• Entity Framework Core: dotnet/efcore
• .NET CLI/SDK dotnet/sdk
• .NET runtime dotnet/runtime
• Winforms: dotnet/winforms
• WPF: dotnet/wpf
• NuGet: nuget/home
• Containers: dotnet/dotnet-docker
• Winget: microsoft/winget-pkgs

Known Issues

• We are aware of wrong nuget versions being listed as vulnerable in our recently published dotnet/runtime advisories. We are actively working to resolve it. We are awaiting these [GHSA-8g4q-xg66-9fp4] Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability github/advisory-database#4882
  [GHSA-f32c-w444-8ppv] Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability github/advisory-database#4883
  [GHSA-qj66-m88j-hmgj] Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability github/advisory-database#4884
  PRs to be merged. Once they are merged, NuGet should have the correct versions updated. If you have dependabot PRs open due to this, we recommend ignoring them until the corrected advisories are published on GitHub

[MikeFarrington]

I can't download the SDK installers, I get like 0 byte files downloading the x64, or 255 byte files which clicking on a different one.

I'm guessing the files aren't yet cached on the CDNs or something, but perhaps it's something more.

[mairaw]

Are you getting the link from the .NET website or somewhere else @MikeFarrington?

I just tested with https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.403-windows-x64-installer and downloaded a 212 MB file.

[MikeFarrington]

Are you getting the link from the .NET website or somewhere else @MikeFarrington?

I just tested with https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/sdk-8.0.403-windows-x64-installer and downloaded a 212 MB file.

I tried both the .NET website, and from the github release page. I also tried the link in your comment.

All results are the same. CDNs are of course regional, so, maybe I need to wait for it to propagate fully or something.

Edit To Add: Sorry, it looks like my browser was acting up. Restarting Firefox cleared it up. Sorry, I've never had that happen before.

[JuergenAuer]

I have the same problem. Installed 8.0.0 - 8.0.8 + SDK, different machines, no problem.

Now: 0 Bytes, 128KB, 192KB, via Github 48KB. Tried to install the newest SDK.

PS: Looks like a FireFox-Problem. Chrome - no problem, 212 MB, installation works.

[jhancock-taxa]

Doesn't appear to have the MacOS fix that without it, means that any Mac with Sequoia on it is non-functional with .net and a major blocker and was promised for this release.

[timmkrause]

Doesn't appear to have the MacOS fix that without it, means that any Mac with Sequoia on it is non-functional with .net and a major blocker and was promised for this release.

Was also searching around. Just saw the PR that added it into the known issue doc.

1c3ac26

I just let a friend on 15.0.1 run dotnet dev-certs https which calls the faulty CertificateRequest.CreateSelfSigned and it executed successfully. So my guess would be that it is fixed. But I can't prove it or find evidence over here.

[jhancock-taxa]

8.0.403 was just released that does fix this.

But you need to run:

dotnet dev-certs https --clean
dotnet dev-certs https --trust

And then you should be back in business.

[IJUSTWANTCODESEARCH]

It appears the CVE for System.Text.Json was published incorrectly, the patched version is listed as 8.0.10 - it should be 8.0.5; unless there is another pending nuget push for that package.

[rbhanda]

It appears the CVE for System.Text.Json was published incorrectly, the patched version is listed as 8.0.10 - it should be 8.0.5; unless there is another pending nuget push for that package.

Thanks a lot for flagging this. I have updated our advisories with correct versions.

[Vincentp90]

Hey, I'm quite inexperienced with docker so this might be pebkac issue. I have this dockerfile and with SDK 8.0.402 docker build is working perfectly fine. (mcr.microsoft.com/dotnet/sdk:8.0.402)

However when using image mcr.microsoft.com/dotnet/sdk:8.0 (I assume this refers to current image so 8.0.403) then I get issue, somewhere in the build "dotnet devcerts https --export-path /root/.aspnet/https/something.client.pem --format Pem --no-password" is called. And this gives error that the path /root/.aspnet/https does not exist.

Is something changed here? Or is something changed with setting APPDATA or HOME env var (this is also used to set the --export-path in the build)?

[oromand]

Hello,

Just to report that we have started to encountered tests errors after freshly pulling the 8.0.403 image.

Our Dockerfile is making use of dotnet/sdk 8.0 (ff705b99a06144190e2638f8ede64a753915df5ea27fff55f58d0eb5f7054b0b).

In particular, some check happened to fail the pipeline regarding the instanciation of an IHost instance in the WebApplicationFactory usage

This is the stacktrace

Error Message:
   Unable to create instance of class Contoso.Tnt.Api.Tests.Application.DataGathering.Services.DataCompareServiceTests. Error: System.InvalidOperationException: The entry point exited without ever building an IHost..
  Stack Trace:
      at Microsoft.Extensions.Hosting.HostFactoryResolver.HostingListener.CreateHost()
   at Microsoft.Extensions.Hosting.HostFactoryResolver.<>c__DisplayClass10_0.<ResolveHostFactory>b__0(String[] args)
   at Microsoft.AspNetCore.Mvc.Testing.DeferredHostBuilder.Build()
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.CreateHost(IHostBuilder builder)
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.DelegatedWebApplicationFactory.CreateHost(IHostBuilder builder)
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.ConfigureHostBuilder(IHostBuilder hostBuilder)
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.EnsureServer()
   at Microsoft.AspNetCore.Mvc.Testing.WebApplicationFactory`1.get_Services()
   at Contoso.Tnt.Api.Tests.BaseTestClass..ctor() in /builds/contoso/sales-preparation/products/offermgt/src/tnt.backend/src.tnt.backend/Contoso.Tnt.Api.Tests/BaseTestClass.cs:line 60

This is the BaseTestClass that allows child classes to resolve some services

public class BaseTestClass
    {
        public IServiceProvider ServiceProvider { get; }

        public BaseTestClass()
        {
            Mock<IDatabase> mockDatabase = new Mock<IDatabase>();
            Mock<IDatabaseAsync> mockDatabaseAsync = new Mock<IDatabaseAsync>();
            Mock<IConnectionMultiplexer> mockConnectionMultiplexer = new Mock<IConnectionMultiplexer>();
            var application = new WebApplicationFactory<Program>().WithWebHostBuilder(builder =>
                {
                    var myConfiguration = builder.ConfigureAppConfiguration((context, conf) =>
                    {
                        //conf.Sources.Clear();
                        //conf.AddConfiguration(context.Configuration);

                        Dictionary<string, string> redisConfiguration = new Dictionary<string, string>
                         {
                                 { "RabbitConfiguration:UriConnectionString", ""},
                                 { "RabbitConfiguration:Suffix", "-unittest" },
                                 { "Redis:IsActive", "false" },
                                 { "ConnectionStrings:TntDatabase", "" }
                         };
                        conf.AddInMemoryCollection(redisConfiguration!);

                    });

                    builder.ConfigureTestServices(services =>
                    {
                        services.RemoveAll<IRedisCache>();
                        services.AddSingleton<IRedisCache, MockRedisCache>();

                        services.RemoveAll<IDatabaseAsync>();
                        services.RemoveAll<IDatabase>();
                        services.AddSingleton(mockDatabase.Object);
                        services.AddSingleton(mockDatabaseAsync.Object);

                    });
                });


            ServiceProvider = application.Services;
        }

        public T ResolveScope<T>()
        {
            var scope = this.ServiceProvider.CreateScope();
            return scope.ServiceProvider.GetRequiredService<T>();
        }

        public T Resolve<T>()
        {
            return this.ServiceProvider.GetRequiredService<T>();
        }
    }

[kolocsar]

Hey, I'm quite inexperienced with docker so this might be pebkac issue. I have this dockerfile and with SDK 8.0.402 docker build is working perfectly fine. (mcr.microsoft.com/dotnet/sdk:8.0.402)

However when using image mcr.microsoft.com/dotnet/sdk:8.0 (I assume this refers to current image so 8.0.403) then I get issue, somewhere in the build "dotnet devcerts https --export-path /root/.aspnet/https/something.client.pem --format Pem --no-password" is called. And this gives error that the path /root/.aspnet/https does not exist.

Is something changed here? Or is something changed with setting APPDATA or HOME env var (this is also used to set the --export-path in the build)?

We are experiencing a very similar issue. Our docker build process started failing because the dotnet dev-certs call was failing. After some troubleshooting (no code changes from our side) we realized that .NET had a new version and other people were experiencing the same problem.

Is there any way to temporarily fix this? Or should we wait for a new release?

[kolocsar]

8.0.403 was just released that does fix this.

But you need to run:

dotnet dev-certs https --clean dotnet dev-certs https --trust

And then you should be back in business.

Added this steps to our build and did not fix the issue. Had to use FROM mcr.microsoft.com/dotnet/sdk:8.0.402 AS build

We are not using Mac OS (docker image is linux based)

[deepu9890]

.NET 8.0.8 and .NET SDK 8.0.400 after patch update the application failing with exception could not load file or assembly Microsoft.AspNetCore.SignalR.Client.Core etc.. We load all dlls from installation location and with the new patch update causing issues on client machines and forcibly asking for upgrade.
Can anyone suggest or help us.

Microsoft.AspNetCore.SignalR.Client.Core should be update to version 8.08,

see exception msg: "Could not load file or assembly 'Microsoft.AspNetCore.SignalR.Client.Core, Version=8.0.8.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'

[BizzMine-PJ]

Since upgrading to .NET 8.0.10, our application has encountered a breaking issue. Is anyone else experiencing this, or have found a solution? It might be related to Microsoft Security Advisory CVE-2024-43483.

Here’s the code that’s now throwing an exception:

An unhandled exception has occurred while executing the request.|System.NullReferenceException: Object reference not set to an instance of an object.
at XXXXXX.Infrastructure.Caching.MemoryCacheExtensions.GetEntriesCollection(IMemoryCache cache)

{
    private static List<string> GetEntriesCollection(IMemoryCache cache)
    {
        var coherentState = typeof(MemoryCache).GetField("_coherentState", BindingFlags.NonPublic | BindingFlags.Instance);

        var coherentStateValue = coherentState.GetValue(cache);

        var entriesCollection = coherentStateValue.GetType().GetProperty("EntriesCollection", BindingFlags.NonPublic | BindingFlags.Instance);

        var entriesCollectionValue = entriesCollection.GetValue(coherentStateValue) as ICollection;

        var keys = new List<string>();

        if (entriesCollectionValue != null)
        {
            foreach (var item in entriesCollectionValue)
            {
                var methodInfo = item.GetType().GetProperty("Key");

                var val = methodInfo.GetValue(item);

                keys.Add(val.ToString());
            }
        }

        return keys;
    }

    public static IEnumerable GetKeys(this IMemoryCache memoryCache)
    {
        return GetEntriesCollection(memoryCache);
    }

    public static IEnumerable<T> GetKeys<T>(this IMemoryCache memoryCache) =>
        memoryCache.GetKeys().OfType<T>();
} ```

[rozeskjm]

@BizzMine-PJ replacing "EntriesCollection" with "StringEntriesCollection" appears to have solved this for me

[jiataocai]

.NET 6 and above replacing "EntriesCollection" with "StringKeyEntriesCollection" fixed this issue..

[ayaya-dev]

When upgrading from 6.0.133 to 6.0.135 our builds fail with a bunch of:

C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018: The "GenerateDepsFile" task failed unexpectedly.
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018: System.IO.FileNotFoundException: Could not load file or assembly 'System.Text.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The system cannot find the file specified.
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018: File name: 'System.Text.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51'
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.Extensions.DependencyModel.DependencyContextWriter.Write(DependencyContext context, Stream stream)
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.GenerateDepsFile.WriteDepsFile(String depsFilePath)
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.GenerateDepsFile.ExecuteCore()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.TaskBase.Execute()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.TaskWithAssemblyResolveHooks.Execute()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.Build.BackEnd.TaskBuilder.<ExecuteInstantiatedTask>d__26.MoveNext()

The few projects that depend on System.Text.Json depend on version 8.0.5.

[trevelyanuk]

@BizzMine-PJ replacing "EntriesCollection" with "StringEntriesCollection" appears to have solved this for me

@BizzMine-PJ - this broke a live system for us as the LTS runtime used by Azure was silently updated to 8.0.10.

This would have been far less impactful had this been mentioned somewhere on the release notes, as we were trying to hunt down what the issue was. Can changes like this be documented more fully in future on release notes please?

[nskerl]

When upgrading from 6.0.133 to 6.0.135 our builds fail with a bunch of:

C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018: The "GenerateDepsFile" task failed unexpectedly.
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018: System.IO.FileNotFoundException: Could not load file or assembly 'System.Text.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The system cannot find the file specified.
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018: File name: 'System.Text.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51'
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.Extensions.DependencyModel.DependencyContextWriter.Write(DependencyContext context, Stream stream)
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.GenerateDepsFile.WriteDepsFile(String depsFilePath)
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.GenerateDepsFile.ExecuteCore()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.TaskBase.Execute()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.NET.Build.Tasks.TaskWithAssemblyResolveHooks.Execute()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()
C:\Program Files\dotnet\sdk\6.0.135\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.targets(172,5): error MSB4018:    at Microsoft.Build.BackEnd.TaskBuilder.<ExecuteInstantiatedTask>d__26.MoveNext()

The few projects that depend on System.Text.Json depend on version 8.0.5.

Is this issue being discussed/tracked anywhere? We are unable to update to latest SDK due to this issue.

[mreid-tt]

Team, as initially reported in this .NET issue comment, there seems to be a breaking change in the libraries for ARMv7 platforms, resulting in the following error:

Failed to load /usr/share/dotnet/shared/Microsoft.NETCore.App/6.0.33/libcoreclr.so, error: /lib/arm-linux-gnueabihf/libm.so.6: version `GLIBC_2.27' not found (required by /usr/share/dotnet/shared/Microsoft.NETCore.App/6.0.33/libcoreclr.so)
Segmentation fault

This issue has also been replicated in Radarr issue #10653 and SynoCommunity issue #6309 for users on Synology platforms with ARMv7 processors after upgrading from packages using .NET 6.0.32. Could this be investigated and resolved?

[rbhanda]

closing in favor of #9599