Microsoft announced on September 13, 2016 that they are making available a patch release to the ASP.NET Core 1.0 release. The official announcement can be read here.
According to the release note, this patch contains the following security advisory:
- Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege (aspnet/Announcements#203)
and the following changes:
To update an application to make use of the new release, simply update the package references in project.json
file to use the latest 1.0.1 versions of the packages.
Microsoft recommends that the following packages version number be updated to 1.0.1 Read more