-
|
From my understanding, the vulnerability "Security Advisory CVE-2020-1597 - ASP.NET Core Denial of Service Vulnerability" (#24796) affects only .NET Core. However, the page found at the link hereafter references Visual Studio Versions 2017 and 2019 (Table in the middle of page), making it appear as if these IDEs needed to also be patched. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1597 Could anyone please confirm that nothing needs to be patched for these software? Thank you. J. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 1 reply
-
|
Those IDEs come with .NET Core in them, and thus they get updates as well, to update the .NET Core version they carry to a patched one, that's why they're listed, and why they get an update. |
Beta Was this translation helpful? Give feedback.
-
|
I see. Thank you blowdart! |
Beta Was this translation helpful? Give feedback.
-
|
Actually, I had another question. If a solution build with Visual Studio does not use the .NET Core per se, does it need to be re-compiled, or only the ones using the .NET Core requires re-compilation? Thank you again. J |
Beta Was this translation helpful? Give feedback.
-
|
Depends on the CVE. For that one, just ASP.NET Core apps. And updating the runtime would actually fix it, no need to recompile generally. |
Beta Was this translation helpful? Give feedback.
-
|
Wonderful! Thank you. |
Beta Was this translation helpful? Give feedback.
Those IDEs come with .NET Core in them, and thus they get updates as well, to update the .NET Core version they carry to a patched one, that's why they're listed, and why they get an update.