2026-05-20 | dotnet, dotnet-10, nuget
NuGet Package Pruning Is On by Default in .NET 10
NuGet Package Pruning shipped on-by-default for net10.0 projects, cutting transitive vulnerability reports by 70% and restore times by up to 50%.

2026-05-02 | dotnet, mcp, ai-agents
Agent Governance Toolkit puts a YAML policy in front of every MCP tool call from .NET
Microsoft's new Microsoft.AgentGovernance package wraps MCP tool calls with a policy kernel, a security scanner, and a response sanitizer. Here is what each piece does and how the wiring looks in C#.

2026-04-25 | aspire, opentelemetry, security
Aspire 13.2.4 Patches CVE-2026-40894: Baggage Header DoS in OpenTelemetry .NET
Aspire 13.2.4 ships an OpenTelemetry bump for CVE-2026-40894, a Gen0 allocation amplification in baggage, B3, and Jaeger propagator parsing. Update OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators to 1.15.3 even if you are not on Aspire.

2026-04-21 | dotnet, aspnetcore, security
.NET 10.0.7 Ships Out-of-Band to Fix CVE-2026-40372 in ASP.NET Core Data Protection
An HMAC validation flaw in Microsoft.AspNetCore.DataProtection 10.0.0 through 10.0.6 lets attackers forge ciphertexts. .NET 10.0.7 is the mandatory fix.

2026-02-08 | dotnet-10, cryptography, security
.NET 10 Post-Quantum Cryptography: ML-KEM, ML-DSA, and SLH-DSA
.NET 10 adds native support for post-quantum cryptography algorithms ML-KEM, ML-DSA, and SLH-DSA, preparing your applications for a quantum-resistant future.