Microsoft announced the ASP.NET Core September 2016 Patch Release

Microsoft announced on September 13, 2016 that they are making available a patch release to the ASP.NET Core 1.0 release.  The official announcement can be read here.

According to the release note, this patch contains the following security advisory:

and the following changes:

To update an application to make use of the new release, simply update the package references in project.json file to use the latest 1.0.1 versions of the packages.

Microsoft recommends that the following packages version number be updated to 1.0.1 if they are referenced in the project.json:

  • Microsoft.EntityFrameworkCore
  • Microsoft.AspNetCore.Server.Kestrel
  • Microsoft.AspNetCore.Mvc
  • Microsoft.AspNetCore.Antiforgery
  • Microsoft.AspNetCore.Routing

The last two packages, Antiforgery and Routing, are referenced by the MVC package.  Unless they are directly referenced in project.json, no further updating is required.   The package manager will automatically include the updated versions when it updates the MVC package.

Andrew Lock has a nice writeup comparing the code changes from ASP.NET Core 1.0.0 to 1.0.1 in his article Viewing what’s changed in ASP.NET Core 1.0.1.

Individual Package Release Notes

Antiforgery

Bugs Fixed

  • How do I modify the defaults for Antiforgery to make it FIPS-compliant (#95)

EntityFramwork

Bugs Fixed

  • Query: Second level expand not returning correct data (#6366)
  • Query: GroupJoin generates LEFT-JOIN and doesn’t return all results (#6360)
  • ModelBuilder: Confusing exception when mismatched property types are used in a relationship (#6260)
  • Migrations: Using name with Script-Migration doesn’t work (only ID) (#6228)
  • Migrations: Script-Migration doesn’t revert -From migration (#6126)
  • Query: LoadAsync does not work (#6122)
  • SaveChanges: Wrong save order for one to many in combination with multi level inheritance (#6055)
  • Query: Wrong data in included navigation when using Skip() method (#5901)
  • ModelBuilder: Exception when KeyAttribute used with inheritance (#5898)
  • Migrations: RC2 to RTM Regression – Different properties with same name in derived classes cause exceptions (#5894)
  • Query: Error using a compare with a nullable boolean (#5877)
  • Query: Invalid SQL generated for Guid literals on SQLite (#5801)
  • Globalization: Potential bugs due to not specifying culture in string.Format() (#5765)
  • Query: Incorrect type mapping chosen for parameter – causes invalid SQL on Postgres (#5717)
  • Query: Exception when filter uses subquery and query is executed asynchronously (#5640)
  • Query: Exception when projecting navigation property value that could return null, but does not (“Argument Types do not match”) (#5522)
  • Query: Threading issues cause NullReferenceException in SimpleNullableDependentKeyValueFactory (#5456)
  • Query: Exception when filtering on nullable boolean value (through navigation property) (#5454)
  • Query: Exception when using OrderBy and navigation (“A column has been specified more than once in the order by list”) (#5427)
  • Query: Select after complex GroupJoin leads to unpredictable results (#4858)
  • Query: Join flattening fails for some cases involving SelectMany (#4539)
  • Query: Exception when using the “let” keyword and grouping (#3676)

KestrelHttpServer

Bugs Fixed

  • When HttpResponse.Body is replaced, the replacement is used for future requests (#1028)

Mvc

Bugs Fixed

  • MVC doesn’t work on FIPS-compliant machines (#5103)
  • HTTP Verbs mapping error GET and DELETE (#5038)
  • ViewComponentResult does not await the executor.ExecuteAsync method. (#4998)

Routing

Bugs Fixed

  • Port fix for “Request not matching route with defaults” to 1.0.1 (#346)

Leave a Reply

Your email address will not be published. Required fields are marked *