rel note updates

2018-07-10 10:19:45 -07:00 · 2018-07-10 10:19:45 -07:00 · 2f2194c11c
--- a/release-notes/1.0/1.0.12.md
+++ b/release-notes/1.0/1.0.12.md
@ -24,10 +24,33 @@ The [.NET Core Docker images](https://hub.docker.com/r/microsoft/dotnet/) have b

 See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blob/master/os-lifecycle-policy.md) to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

-Maybe a bit about 2.1 going LTS in the next few months. 
+.NET Core 2.1 is expected to be declared LTS in the next few months. It is recommended that 2.1 be the default target for projects. .NET Core 2.0 will go out of support October 2018.
+
+### Supported Linux version changes
+
+Fedora 26 and Ubuntu 17.10 will reach end of life in July. This is the last update of .NET Core which will support these versions.

 ## Notable Changes in 1.0.12

+### Microsoft Security Advisory CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability
+
+[CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/73)
+
+Executive summary
+
+Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
+
+Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who successfully exploited this vulnerability could present an expired certificate when challenged.
+
+The update addresses the vulnerability by correcting how .NET Core applications handle certificate validation.
+
 ### Package and Binary updates

-The following packages and binaries are updated by the July 2018 update:
+| Package name | Vulnerable versions | Secure versions |
+| :--- | :--- | :--- |
+System.Private.ServiceModel | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Duplex | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Http | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.NetTcp | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Primitives | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Security | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
--- a/release-notes/1.1/1.1.9.md
+++ b/release-notes/1.1/1.1.9.md
@ -24,15 +24,33 @@ The [.NET Core Docker images](https://hub.docker.com/r/microsoft/dotnet/) have b

 See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blob/master/os-lifecycle-policy.md) to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

-Maybe a bit about 2.1 going LTS in the next few months. 
+.NET Core 2.1 is expected to be declared LTS in the next few months. It is recommended that 2.1 be the default target for projects. .NET Core 2.0 will go out of support October 2018.

 ### Supported Linux version changes

-Note about 17.10 and Fedora 26 falling off.
-Note about distro support getting caught up.
+Fedora 26 and Ubuntu 17.10 will reach end of life in July. This is the last update of .NET Core which will support these versions.

 ## Notable Changes in 1.1.9

+### Microsoft Security Advisory CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability
+
+[CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/73)
+
+Executive summary
+
+Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
+
+Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who successfully exploited this vulnerability could present an expired certificate when challenged.
+
+The update addresses the vulnerability by correcting how .NET Core applications handle certificate validation.
+
 ### Package and Binary updates

-The following packages and binaries are updated by the July 2018 update:
+| Package name | Vulnerable versions | Secure versions |
+| :--- | :--- | :--- |
+System.Private.ServiceModel | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Duplex | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Http | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.NetTcp | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Primitives | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Security | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
--- a/release-notes/2.0/2.0.9.md
+++ b/release-notes/2.0/2.0.9.md
@ -26,17 +26,33 @@ The [.NET Core Docker images](https://hub.docker.com/r/microsoft/dotnet/) have b

 See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blob/master/os-lifecycle-policy.md) to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

-Maybe a bit about 2.1 going LTS in the next few months.
-
-A note that 2.0 will eol in October.
+.NET Core 2.1 is expected to be declared LTS in the next few months. It is recommended that 2.1 be the default target for projects. .NET Core 2.0 will go out of support October 2018.

 ### Supported Linux version changes

-Note about 17.10 and Fedora 26 falling off.
-Note about distro support getting caught up.
+Fedora 26 and Ubuntu 17.10 will reach end of life in July. This is the last update of .NET Core which will support these versions.

 ## Notable Changes in 2.0.9

+### Microsoft Security Advisory CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability
+
+[CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/73)
+
+Executive summary
+
+Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
+
+Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who successfully exploited this vulnerability could present an expired certificate when challenged.
+
+The update addresses the vulnerability by correcting how .NET Core applications handle certificate validation.
+
 ### Package and Binary updates

-The following packages and binaries are updated by the July 2018 update:
+| Package name | Vulnerable versions | Secure versions |
+| :--- | :--- | :--- |
+System.Private.ServiceModel | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Duplex | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Http | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.NetTcp | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Primitives | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Security | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
--- a/release-notes/2.1/2.1.2.md
+++ b/release-notes/2.1/2.1.2.md
@ -26,14 +26,31 @@ The [.NET Core Docker images](https://hub.docker.com/r/microsoft/dotnet/) have b

 See [.NET Core Supported OS Lifecycle Policy](https://github.com/dotnet/core/blob/master/os-lifecycle-policy.md) to learn about Windows, macOS and Linux versions that are supported for each .NET Core release.

-Maybe a bit about 2.1 going LTS in the next few months and 2.0 going EOL in October.
-
 ### Supported Linux version changes

-Note about 17.10 and Fedora 26 falling off.
+Fedora 26 and Ubuntu 17.10 will reach end of life in July. This is the last update of .NET Core which will support these versions.

 ## Notable Changes in 2.1.2

+### Microsoft Security Advisory CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability
+
+[CVE-2018-8356: .NET Core Security Feature Bypass Vulnerability](https://github.com/dotnet/announcements/issues/73)
+
+Executive summary
+
+Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
+
+Microsoft is aware of a security feature bypass vulnerability that exists when .NET Core does not correctly validate certificates. An attacker who successfully exploited this vulnerability could present an expired certificate when challenged.
+
+The update addresses the vulnerability by correcting how .NET Core applications handle certificate validation.
+
 ### Package and Binary updates

-The following packages and binaries are updated by the July 2018 update:
+| Package name | Vulnerable versions | Secure versions |
+| :--- | :--- | :--- |
+System.Private.ServiceModel | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Duplex | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Http | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.NetTcp | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Primitives | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
+System.ServiceModel.Security | 4.0.0, 4.1.0, 4.1.1 <br> 4.3.0, 4.3.1 <br>4.4.0, 4.4.1, 4.4.2 <br> 4.5.0, 4.5.1 | 4.1.2 or later <br> 4.3.2 or later <br> 4.4.3 or later <br> 4.5.2 or later |
--- a/release-notes/releases.json
+++ b/release-notes/releases.json
@ -22,7 +22,7 @@
        "runtime-win-x86.exe": "dotnet-runtime-2.1.2-win-x86.exe",
        "runtime-win-x64.exe": "dotnet-runtime-2.1.2-win-x64.exe",
        "sdk-linux-x64": "dotnet-sdk-2.1.302-linux-x64.tar.gz",
-        "sdk-mac-x64": "dotnet-sdk-2.1.302-osx-x64.tar.gz",
+        "sdk-mac-x64": "https://dotnetcli.blob.core.windows.net/dotnet/Sdk/2.1.302/dotnet-sdk-2.1.302-osx-x64.tar.gz",
        "sdk-mac-x64.pkg": "dotnet-sdk-2.1.302-osx-x64.pkg",
        "sdk-mac-x64.pkg-gs": "dotnet-sdk-2.1.302-osx-gs-x64.pkg",
        "sdk-win-x86": "dotnet-sdk-2.1.302-win-x86.zip",