[Last Week in .NET #89] – CVE Inflation

A few CVEs patched, a book written on Regex. It’s an eventful week, let’s dive in.

.NET 7.0.0 Preview 4 is out. Looks like bug fixes here, nothing major. 🐛

.NET 6.0.5 has been released which fixes three CVEs (all denial of service) and quite a few bugfixes. 🚨

.NET 5.0.17 has been released and it fixes those same three CVEs. 🚨

.NET Core 3.1.25 has been released and you guessed it, it fixes those same three CVEs. 🚨

That’s it on the release side, here’s what else happened Last Week in .NET:

Khalid Abuhakmeh shares a tip on how to use the Convert class to convert a number into its binary representation. After working in embedded C this is one of those things that I’ll never take for granted again. 🏗

Microsoft launches [paid] cybersecurity services to help clients fight off ransomware and other attacks.

  1. Build an insecure OS.
  2. Charge people to make it more secure.
  3. Profit.

Even if this is all above board, it sure looks twisted. 🟡

Speaking of security vulnerabilities, CVE-2022-1388 is an F5 (network equipment) vulnerability, particularly against their REST APIs. Yes, some network devices support REST API access to the control plane. It’s a wild world that I used to work in, and not without its share of problems. 🚨

WSL now supports USB devices. Ouch. Microsoft makes a better linux than linux makes. 👉👈

Microsoft has a knowledgebase of styles of architecture for Azure. This is nice. More, please. 😊

Shiny.NET 2.5.1 is out. What’s Shiny.NET you ask? I really have no idea. The twitter account description says,

“Make all your apps shiny with http://Shiny.NET -github.com/shinyorg/ – please don’t @ for support – go to github!”,

and the Github description says,

“We make shiny nuget packages for Xamarin, Windows, & All Things .NET”. Again, no idea.

If I go into the ‘shiny’ repository, it says,

“Shiny is a cross platform framework designed for Xamarin & UWP to make working with device services and background processes easy, testable, and consistent while bringing things like dependency injection & logging in a structured way to your code!”

…and that took long enough that I need a nap. 🤷‍♀️

I’ve touted Polly quite a few times here and elsewhere, and the .NET on AWS folks release a blog post series about it. With modern software, polly is a requirement. 🍾

Visual Studio 2022 17.2 is available and it includes support for C# 11’s “raw string literals”, and they’re making the Razor editor better (thank heavens!). There are a lot more goodies in the release, so give it a look-see.

And the team that works on Visual Studio 2022 version 17.3 Preview 1 also released their latest update last week. Lots of little fixes here, and if you like Preview bits, have at it. 🍾

Using the new .NET threading API sped up a benchmark by 4x. That’s… a lot. I always thought .NET [Framework] was pretty fast, but to learn how much faster .NET [Core] is astonishes me. 🚄

Redefining the term 10x Developer The real 10x developers are the compilers we met along the way. 👋

A shockingly deep dive on Regex Improvements in .NET 7 It’s a 30 minute read from this point, and worth every minute. 📚

And that’s it for what happened Last Week in .NET. If you find something you think I’ll like, email me at george at georgestocker dot com or send me a tweet @ gortok on twitter.

Leave a Reply