.NET June 2025 Update - .NET 8.0.17 and .NET 9.0.6 #9930
Description
.NET June 2025 Update
Release Notes
Status
| Asset Type | 9.0.6 | 8.0.17 | Notes |
|---|---|---|---|
| Installers/Binaries | ✅ | ✅ | |
| Container Images (Linux) |
✅ | ✅ | |
| Container Images (Windows) |
✅ | ✅ | |
| Winget Packages | |||
| Linux Installers (Microsoft distribution) | The list below refers to the Microsoft-provisioned feeds (packages.microsoft.com) and does not in any way represent direct availability in distros (eg RHEL, Fedora). | ||
| Debian 12 | ✅ | ✅ | |
| Fedora 40 | ✅ | ✅ | |
| Fedora 41 | ✅ | ✅ | |
| OpenSUSE 15 | ✅ | ✅ | |
| Oracle 8 | ✅ | ✅ | |
| Oracle 9 | ✅ | ✅ | |
| Ubuntu 20.04 | ✅ | ✅ | |
| Ubuntu 22.04 | ✅ | ✅ | |
| Ubuntu 24.04 | ✅ | ✅ | |
| Ubuntu 24.10 | ✅ | ✅ |
Issues
Please report any issues you find either by responding to this issue, creating a new issue or creating a new issue in one of the following repos:
- ASP.NET Core: dotnet/aspnetcore
- Entity Framework Core: dotnet/efcore
- .NET CLI/SDK dotnet/sdk
- .NET runtime dotnet/runtime
- Winforms: dotnet/winforms
- WPF: dotnet/wpf
- NuGet: nuget/home
- Containers: dotnet/dotnet-docker
- Winget: microsoft/winget-pkgs
Known Issues
.NET 8.0.17 & .NET 9.0.6 Breaking Change
Breaking Change: UseForwardedHeaders middleware now always checks ForwardedHeadersOptions.KnownNetworks and ForwardedHeadersOptions.KnownProxies
UseForwardedHeaders middleware now always checks ForwardedHeadersOptions.KnownNetworks and ForwardedHeadersOptions.KnownProxies. Because both KnownNetworks and KnownProxies default to Loopback this means deployed applications may fail to apply X-Forwarded-* headers resulting in properties like scheme and host not being updated which can have side-effects e.g. UseHttpsRedirection() might always see http and always redirecting the request.
The recommended fix is to set the KnownNetworks and KnownProxies values to the appropriate values. See https://learn.microsoft.com/aspnet/core/host-and-deploy/proxy-load-balancer for more details on using proxies and UseForwardedHeaders(). Alternatively, if you are fine accepting X-Forwarded-* headers from any source, which introduces security vulnerabilities, you can clear the KnownNetworks and KnownProxies properties.