CVEs mean always having to patch your systems.
Two major CVEs in the wild, one patched; EF Core gained some quarantine weight, but I'm not one to judge. I eat junk food, and EF Core adds features. We all deal with these "unprecedented times" in our own way.
.NET Core 3.1.8 and .NET Core 2.1.22 have been released
This release includes a fix for a rather nasty CVE and... Not much else. CVE-2020-1045 allows an attacker to craft a cookie that can bypass ASP.NET Core security. Whaaaaaaatt. Patch your systems now.
CVE-2020-1472 has been reproduced
CVE-2020-1472 allows an attacker to bypass domain authentication with a specially crafted request that allows them to escalate their privileges. This is, of course, only an issue if you're using Microsoft server. You're not, right? You've already moved to linux? No? Oh.
Blazor now has a graphql client
In the "Leave some innovation for the rest of us", Blazor now has a GraphQL Client. Though, if you're using blazor and graphql you've blown your innovation token quota for a few years. Be safe out there.
.NET Conf Call for Content closes today at 2:59pm EDT (-4 UTC).
Which means... You've got a few hours to put your proposal together. Not sure how I missed the CFP, but I'll do better next time.
The virtual conference itself takes place November 10th and 11th, 2020. Expected releases include .NET 5.
EF Core for .NET 5 is done
Here's the list of things they finished just in Preview 8:
- Table-per-type (TPT) mapping
- Migrations: Rebuild SQLite tables
- Table-valued functions
- Flexible query/update mapping
- Context-wide split-query configuration
- PhysicalAddress (i.e., IP Address) mapping
- Add FieldInfo overload for NavigationBuilder
- Query generation for GroupBy with OwnsOne
- Support join after GroupByAggregate
- Generate a warning for multiple collection Includes
- Convert multiple equality on same column joined by Or/Else into SQL IN expression
- Make discriminator properties read-only be default
- Add an IDbContextFactory that pools context instances
- Cosmos: Allow PK with just the partition key
And that's just in Preview8. Great Job, EF Team!
I'm happy that EF Core will be ready for .NET 5; but my quiet voice says I can't wait for a less bloated ORM to take over.
Jetbrains dotUltimate / Resharper / Rider / et. al 2020.2 has been released
This fixes a really annoying bug I was facing in .NET 5 Preview 8 where my tests were listed as inconclusive and wouldn't run when I tried to debug them. There's also a lot more here, but squeaky wheel and all that.
NoVA (virtual) code camp is September 26th
If you have nothing to do that day (it's a saturday) and you want to learn some neat stuff, sign up novacodecamp.org.
Want to contribute to .NET but don't know where to start?
The .NET team has got you covered by listing what issues are up for grabs and their relative difficulty. Thanks to Tanner Gooding for the tweet.
Scott Hanselman compiled a .NET Team twitter list
Speaking of twitter, Scott Hanselman put together a list of all the members of the .NET team on twitter. If the intersection of twitter and .NET is your jam, two things:
- we should be friends, and
- follow that list.
And that's it for what happened last week in .NET. Overall a pretty light week. I’m George Stocker, and when I’m not following .NET, I’m helping teams double their productivity through adopting TDD practices that don’t suck.
I'll see you next week.