{"id":3894,"date":"2026-04-21T19:13:51","date_gmt":"2026-04-21T19:13:51","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/04\/21\/net-10-0-7-out-of-band-security-update\/"},"modified":"2026-04-21T19:13:51","modified_gmt":"2026-04-21T19:13:51","slug":"net-10-0-7-out-of-band-security-update","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/04\/21\/net-10-0-7-out-of-band-security-update\/","title":{"rendered":".NET 10.0.7 Out-of-Band Security Update"},"content":{"rendered":"<p>We are releasing .NET 10.0.7 as an out-of-band (OOB) update to address a security issue introduced in <a href=\"https:\/\/www.nuget.org\/packages\/Microsoft.AspNetCore.DataProtection\">Microsoft.AspNetCore.DataProtection<\/a>.<\/p>\n<h2>Security update details<\/h2>\n<p>This release includes a fix for <a href=\"https:\/\/github.com\/dotnet\/announcements\/issues\/395\">CVE-2026-40372<\/a>.<\/p>\n<p>After the Patch Tuesday 10.0.6 release, some customers reported that decryption was failing in their applications. This behavior was reported in <a href=\"https:\/\/github.com\/dotnet\/aspnetcore\/issues\/66335\">aspnetcore issue #66335<\/a>.<\/p>\n<p>While investigating those reports, we determined that the regression also exposed a vulnerability. 
In versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package, the managed authenticated encryptor could compute its HMAC validation tag over the wrong bytes of the payload and then discard the computed hash, which could result in elevation of privilege.<\/p>\n\n<div class=\"alert alert-warning\">\n<p class=\"alert-divider\"><i class=\"fabric-icon fabric-icon--Warning\"><\/i><strong>Update required<\/strong><\/p>\n<p>If your application uses ASP.NET Core Data Protection, update the Microsoft.AspNetCore.DataProtection package to 10.0.7 as soon as possible to address the decryption regression and security vulnerability.<\/p><\/div>\n<h3>Download .NET 10.0.7<\/h3>\n<table>\n<thead>\n<tr>\n<th><\/th>\n<th>.NET 10.0<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Release Notes<\/td>\n<td><a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/10.0\/README.md\">10.0 release notes<\/a><\/td>\n<\/tr>\n<tr>\n<td>Installers and binaries<\/td>\n<td><a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/10.0\">10.0.7<\/a><\/td>\n<\/tr>\n<tr>\n<td>Container Images<\/td>\n<td><a href=\"https:\/\/mcr.microsoft.com\/catalog?search=dotnet\/\">images<\/a><\/td>\n<\/tr>\n<tr>\n<td>Linux packages<\/td>\n<td><a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/10.0\/install-linux.md\">10.0<\/a><\/td>\n<\/tr>\n<tr>\n<td>Known Issues<\/td>\n<td><a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/10.0\/known-issues.md\">10.0<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Installation guidance<\/h3>\n<ol>\n<li>Download and install the <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/10.0\">.NET 10.0.7 SDK or Runtime<\/a>.<\/li>\n<li>Verify installation by running <code>dotnet --info<\/code> and confirming you are on 10.0.7.<\/li>\n<li>Rebuild and redeploy your applications using updated images or packages.<\/li>\n<\/ol>\n<h2>Share your feedback<\/h2>\n<p>If you experience any issues 
after installing this update, please let us know in the <a href=\"https:\/\/github.com\/dotnet\/core\/issues\">.NET release feedback issues<\/a>.<\/p>\n<p>The post <a href=\"https:\/\/devblogs.microsoft.com\/dotnet\/dotnet-10-0-7-oob-security-update\/\">.NET 10.0.7 Out-of-Band Security Update<\/a> appeared first on <a href=\"https:\/\/devblogs.microsoft.com\/dotnet\">.NET Blog<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>We are releasing .NET 10.0.7 as an out-of-band (OOB) update to address a security issue introduced in Microsoft.AspNetCore.DataProtection. Security update [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":94,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","categories":[7],"tags":[],"class_list":["post-3894","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=3894"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3894\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/94"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=3894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=3894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=3894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}