CVEs mean always having to patch your systems.

.NET Core 3.1.8 and .NET Core 2.1.22 have been released

This release includes a fix for a rather nasty CVE and... Not much else. CVE-2020-1045 allows an attacker to craft a cookie that can bypass ASP.NET Core security. Whaaaaaaatt. Patch your systems now.

CVE-2020-1472 has been reproduced

But speaking of CVEs, looks like a security firm reproduced CVE-2020-1472. 

CVE-2020-1472 allows an attacker to bypass domain authentication with a specially crafted request that allows them to escalate their privileges. This is, of course, only an issue if you're using Microsoft server. You're not, right? You've already moved to linux? No? Oh.

Blazor now has a graphql client

In the "Leave some innovation for the rest of us", Blazor now has a GraphQL Client. Though, if you're using blazor and graphql you've blown your innovation token quota for a few years. Be safe out there.

https://oceanware.wordpress.com/2020/09/08/blazor-wasm-graphql-client/

.NET Conf Call for Content closes today at 2:59pm EDT (-4 UTC).

Which means... You've got a few hours to put your proposal together. Not sure how I missed the CFP, but I'll do better next time.

The virtual conference itself takes place November 10th and 11th, 2020. Expected releases include .NET 5.

EF Core for .NET 5 is done

That's what's what they say (these aren't my words, I'm just the messenger).

Here's the list of things they finished just in Preview 8:

Table-per-type (TPT) mappingMigrations: Rebuild SQLite tablesTable-valued functionsFlexible query/update mappingContext-wide split-query configurationPhysicalAddress (i.e., IP Address) mappingAdd FieldInfo overload for NavigationBuilderQuery generation for GroupBy with OwnsOneSupport join after GroupByAggregateGenerate a warning for multiple collection IncludesConvert multiple equality on same column joined by Or/Else into SQL IN expressionMake discriminator properties read-only be defaultAdd an IDbContextFactory that pools context instancesCosmos: Allow PK with just the partition key

And that's just in Preview8. Great Job, EF Team! 

I'm happy that EF Core will be ready for .NET 5; but my quiet voice says I can't wait for a less bloated ORM to take over.

Jetbrains dotUltimate / Resharper / Rider / et. al 2020.2 has been released

This fixes a really annoying bug I was facing in .NET 5 Preview 8 where my tests were listed as inconclusive and wouldn't run when I tried to debug them. There's also a lot more here, but squeaky wheel and all that.

NoVA (virtual) code camp is September 26th

If you have nothing to do that day (it's a saturday) and you want to learn some neat stuff, sign up novacodecamp.org.

Want to contribute to .NET but don't know where to start?

The .NET team has got you covered by listing what issues are up for grabs and their relative difficulty. Thanks to Tanner Gooding for the tweet.

Scott Hanselman compiled a .NET Team twitter list

Speaking of twitter, Scott Hanselman put together a list of all the members of the .NET team on twitter. If the intersection of twitter and .NET is your jam, two things:

we should be friends, and follow that list.

And that's it for what happened last week in .NET. Overall a pretty light week. I’m George Stocker, and when I’m not following .NET, I’m helping teams double their productivity through adopting TDD practices that don’t suck. 

I'll see you next week.