You can see what was included in each .NET Native 1.4 (Microsoft.NETCore.UniversalWindowsPlatform 5.2.x) release, below.
When using Visual Studio these packages require Visual Studio 2015 Update 3 or later.
- Fix for a domain spoofing vulnerability which causes the meaning of a URI to change when International Domain Name encoding is applied. An attacker who successfully exploited the vulnerability could redirect a URI. (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657)
- Fixed CVE-2018-8356: Security Feature Bypass in X509 Certificate Validation: dotnet/announcements#73
- Fixed CVE-2018-0786: Security Feature Bypass in X509 Certificate Validation: #597
- Fixed an issue that caused DataContractJsonSerializer to fail to serialize any [DataContract] type whose default constructor is not public.
- Fixed a regression in 5.2.2 where 4 Libraries were accidently no longer referenced by default
- System.Collections.NonGeneric
- System.Collections.Specialized
- System.Threading.Overlapped
- System.Xml.XmlDocument
You can read more about these changes in the Visual Studio 2015 Update 3 blog post.
- Fixed several customer reported bugs.
- Improved release build compilation times of large applications.
- Improved runtime performance for XAML applications and Unity games.