Patch Tuesday is up. .NET Core gets some updates, so check Microsoft Update, or the VS installer.

Denial of Service : CVE-2021-1721 https://github.com/dotnet/announcements/issues/175

Remote Code Execution : CVE-2021-24112 https://github.com/dotnet/announcements/issues/176
But there's something bigger, affecting dependency feeds over multiple languages when you mix private and public feeds, or some multiple feeds configurations. I suggest you all go read our white paper https://aka.ms/pkg-sec-wp  - we cover pip, nuget, maven and gradle.
3 Ways to Mitigate Risk When Using Private Package Feeds

Software today has become an assembly of components from a wide range of sources. Many organizations use public package feeds to take advantage of the open ecosystems they offer. Projects that cons...

https://aka.ms/pkg-sec-wp
Thank you Alex for your research into this, it was fun to discover and fix. https://twitter.com/alxbrsn/status/1359200840876257287?s=20
Especially as all I did was watch and send emails, and did no real work :)
Azure also has a blog post about how Azure Artifacts is changing to help you protect yourself https://aka.ms/upstreamBehaviorBlog
Changes to Azure Artifact Upstream Behavior | Azure DevOps Blog

We live in a world that has walls and those walls need to be guarded by people with swords. Eh… not a literal sword in this case😀, but with behaviors that can help keep your assets more secure and...

https://aka.ms/upstreamBehaviorBlog
You can follow @blowdart.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.