Start Debugging

Tag: security

3 posts

2026-04-25 aspire opentelemetry security

Aspire 13.2.4 Patches CVE-2026-40894: Baggage Header DoS in OpenTelemetry .NET

Aspire 13.2.4 ships an OpenTelemetry bump for CVE-2026-40894, a Gen0 allocation amplification in baggage, B3, and Jaeger propagator parsing. Update OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators to 1.15.3 even if you are not on Aspire.

2026-04-21 dotnet aspnetcore security

.NET 10.0.7 Ships Out-of-Band to Fix CVE-2026-40372 in ASP.NET Core Data Protection

A HMAC validation flaw in Microsoft.AspNetCore.DataProtection 10.0.0 through 10.0.6 lets attackers forge ciphertexts. .NET 10.0.7 is the mandatory fix.

2026-02-08 dotnet-10 cryptography security

.NET 10 Post-Quantum Cryptography: ML-KEM, ML-DSA, and SLH-DSA

.NET 10 adds native support for post-quantum cryptography algorithms ML-KEM, ML-DSA, and SLH-DSA, preparing your applications for a quantum-resistant future.