Bump Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.0 to 9.0.10 #2

Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#61622)
The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence forwarded header values, preventing potential spoofing or misrouting issues.

Dependency Updates

Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#61762)
Updates the GoogleTest submodule to a newer commit, bringing in the latest improvements and bug fixes from the upstream project.
Update dependencies from dotnet/arcade (#61714)
Updates internal build and infrastructure dependencies from the dotnet/arcade repository, ensuring compatibility and access to the latest build tools.
Update dependencies from dotnet/extensions (#61571)
Refreshes dependencies from the dotnet/extensions repository, incorporating the latest features and fixes from the extensions libraries.
Update dependencies from dotnet/extensions (#61877)
Further updates dependencies from dotnet/extensions, ensuring the project benefits from recent improvements and bug fixes.
Update dependencies from dotnet/arcade (#61892)
Additional updates to build and infrastructure dependencies from dotnet/arcade, maintaining up-to-date tooling and build processes.

Miscellaneous

Update branding to 9.0.6 (#61831)
Updates the project version and branding to 9.0.6, reflecting the new release and ensuring version consistency across the codebase.
Merging internal commits for release/9.0 (#61925)
Incorporates various internal commits into the release/9.0 branch, ensuring that all relevant changes are included in this release.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: v9.0.5...v9.0.6

9.0.5

Release

What's Changed

Update branding to 9.0.5 by @vseanreesermsft in Update branding to 9.0.5 dotnet/aspnetcore#61284
[release/9.0] (deps): Bump src/submodules/googletest from 24a9e94 to 52204f7 by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from 24a9e94 to 52204f7 dotnet/aspnetcore#61261
[release/9.0] Upgrade to Ubuntu 22 by @github-actions in [release/9.0] Upgrade to Ubuntu 22 dotnet/aspnetcore#61215
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#60964
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#60902
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#61355
[release/9.0] Caching SERedis critical bugfix; defer HC metadata detection because of DI cycle by @github-actions in [release/9.0] Caching SERedis critical bugfix; defer HC metadata detection because of DI cycle dotnet/aspnetcore#60916
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#61354
Merging internal commits for release/9.0 by @vseanreesermsft in Merging internal commits for release/9.0 dotnet/aspnetcore#61393
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#61412
Revert "Revert "[release/9.0] Update remnants of azureedge.net"" by @wtgodbe in Revert "Revert "[release/9.0] Update remnants of azureedge.net"" dotnet/aspnetcore#60353
[release/9.0] Fix preserving messages for stateful reconnect with backplane by @github-actions in [release/9.0] Fix preserving messages for stateful reconnect with backplane dotnet/aspnetcore#61374
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#61483
[Identity] Fix Identity UI asset definitions by @javiercn in [Identity] Fix Identity UI asset definitions dotnet/aspnetcore#59100

Full Changelog: dotnet/aspnetcore@v9.0.4...v9.0.5

9.0.4

Release

What's Changed

Update branding to 9.0.4 by @vseanreesermsft in Update branding to 9.0.4 dotnet/aspnetcore#60785
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#60445
[release/9.0] (deps): Bump src/submodules/googletest from e235eb3 to 24a9e94 by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from e235eb3 to 24a9e94 dotnet/aspnetcore#60678
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#60356
Fix OpenAPI server URLs for Aspire scenarios by @captainsafia in Fix OpenAPI server URLs for Aspire scenarios dotnet/aspnetcore#60673
Fix self-referential schema handling in collection schemas by @captainsafia in Fix self-referential schema handling in collection schemas dotnet/aspnetcore#60410
[release/9.0] [Blazor] Fix custom elements JS assets not being included in build output by @MackinnonBuck in [release/9.0] [Blazor] Fix custom elements JS assets not being included in build output dotnet/aspnetcore#60858
Merging internal commits for release/9.0 by @vseanreesermsft in Merging internal commits for release/9.0 dotnet/aspnetcore#60880

Full Changelog: dotnet/aspnetcore@v9.0.3...v9.0.4

9.0.3

Release

What's Changed

Update branding to 9.0.3 by @vseanreesermsft in Update branding to 9.0.3 dotnet/aspnetcore#60198
[release/9.0] Fix branding by @wtgodbe in [release/9.0] Fix branding dotnet/aspnetcore#60029
[release/9.0] Update to MacOS 15 in Helix by @github-actions in [release/9.0] Update to MacOS 15 in Helix dotnet/aspnetcore#60238
[release/9.0] Revert "Revert "Use the latest available jdk"" by @github-actions in [release/9.0] Revert "Revert "Use the latest available jdk"" dotnet/aspnetcore#60229
[release/9.0] Update HtmlAttributePropertyHelper to correctly follow the MetadataUpdateHandlerAttribute contract by @github-actions in [release/9.0] Update HtmlAttributePropertyHelper to correctly follow the MetadataUpdateHandlerAttribute contract dotnet/aspnetcore#59908
[release/9.0] Fix skip condition for java tests by @github-actions in [release/9.0] Fix skip condition for java tests dotnet/aspnetcore#60242
[release/9.0] (deps): Bump src/submodules/googletest from 7d76a23 to e235eb3 by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from 7d76a23 to e235eb3 dotnet/aspnetcore#60151
[release/9.0] Readd DiagnosticSource to KestrelServerImpl by @github-actions in [release/9.0] Readd DiagnosticSource to KestrelServerImpl dotnet/aspnetcore#60202
[release/9.0] Redis distributed cache: add HybridCache usage signal by @github-actions in [release/9.0] Redis distributed cache: add HybridCache usage signal dotnet/aspnetcore#59886
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#59952
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#59951
[release/9.0] Update remnants of azureedge.net by @sebastienros in [release/9.0] Update remnants of azureedge.net dotnet/aspnetcore#60263
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#60291
[release/9.0] Centralize on one docker container by @wtgodbe in [release/9.0] Centralize on one docker container dotnet/aspnetcore#60298
Revert "[release/9.0] Update remnants of azureedge.net" by @wtgodbe in Revert "[release/9.0] Update remnants of azureedge.net" dotnet/aspnetcore#60323
Merging internal commits for release/9.0 by @vseanreesermsft in Merging internal commits for release/9.0 dotnet/aspnetcore#60317

Full Changelog: dotnet/aspnetcore@v9.0.2...v9.0.3

9.0.2

Release

What's Changed

Update branding to 9.0.2 by @vseanreesermsft in Update branding to 9.0.2 dotnet/aspnetcore#59757
[release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#59267
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#59266
[release/9.0] Update OSX helix queue by @github-actions in [release/9.0] Update OSX helix queue dotnet/aspnetcore#59743
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#59728
[release/9.0] (deps): Bump src/submodules/googletest from d144031 to 7d76a23 by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from d144031 to 7d76a23 dotnet/aspnetcore#59679
[release/9.0] Skip tests on internal queues too by @github-actions in [release/9.0] Skip tests on internal queues too dotnet/aspnetcore#59578
[release/9.0] Fix loading dotnet user-jwts config by @github-actions in [release/9.0] Fix loading dotnet user-jwts config dotnet/aspnetcore#59473
[release/9.0] Fix MultipartReaderStream synchronous read when using buffer offset by @github-actions in [release/9.0] Fix MultipartReaderStream synchronous read when using buffer offset dotnet/aspnetcore#59422
[release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/xdt dotnet/aspnetcore#59419
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#59611
[release/9.0] Fix Kestrel host header mismatch handling when port in Url by @github-actions in [release/9.0] Fix Kestrel host header mismatch handling when port in Url dotnet/aspnetcore#59362
Migrate off of Fedora 38 by @v-firzha in Migrate off of Fedora 38 dotnet/aspnetcore#59613
[release/9.0] [Blazor WASM standalone] Avoid caching index.html during development by @MackinnonBuck in [release/9.0] [Blazor WASM standalone] Avoid caching index.html during development dotnet/aspnetcore#59348
[release/9.0] Update to Fedora 41 by @github-actions in [release/9.0] Update to Fedora 41 dotnet/aspnetcore#59816
[release/9.0] Don't throw exception for parameters with custom binding source by @github-actions in [release/9.0] Don't throw exception for parameters with custom binding source dotnet/aspnetcore#59533
[release/9.0] Apply schema transformer to AdditionalProperties by @github-actions in [release/9.0] Apply schema transformer to AdditionalProperties dotnet/aspnetcore#59730
[release/9.0] Harden schema reference transformer for relative references by @captainsafia in [release/9.0] Harden schema reference transformer for relative references dotnet/aspnetcore#59779
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#59847
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#59848
[release/9.0] Return 206 Partial Content on Valid Range for Static Assets by @github-actions in [release/9.0] Return 206 Partial Content on Valid Range for Static Assets dotnet/aspnetcore#59325
Merging internal commits for release/9.0 by @vseanreesermsft in Merging internal commits for release/9.0 dotnet/aspnetcore#59871

Full Changelog: dotnet/aspnetcore@v9.0.1...v9.0.2

9.0.1

Release

What's Changed

Merging internal commits for release/9.0 by @vseanreesermsft in Merging internal commits for release/9.0 dotnet/aspnetcore#58900
[release/9.0] Prevent unnecessary debugger stops for user-unhandled exceptions in Blazor apps with Just My Code enabled by @halter73 in [release/9.0] Prevent unnecessary debugger stops for user-unhandled exceptions in Blazor apps with Just My Code enabled dotnet/aspnetcore#58573
Hot Reload agent improvements by @tmat in Hot Reload agent improvements dotnet/aspnetcore#58333
[release/9.0] Update dependencies from roslyn by @wtgodbe in [release/9.0] Update dependencies from roslyn dotnet/aspnetcore#59183
[release/9.0] Add direct reference to System.Drawing.Common in tools by @wtgodbe in [release/9.0] Add direct reference to System.Drawing.Common in tools dotnet/aspnetcore#59189
[release/9.0] Harden parsing of [Range] attribute values by @github-actions in [release/9.0] Harden parsing of [Range] attribute values dotnet/aspnetcore#59077
[release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#59143
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#59024
[release/9.0] (deps): Bump src/submodules/googletest from 6dae7eb to d144031 by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from 6dae7eb to d144031 dotnet/aspnetcore#59032
[release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/xdt dotnet/aspnetcore#58589
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#58675
[release/9.0] Fix SignalR Java POM to include description by @github-actions in [release/9.0] Fix SignalR Java POM to include description dotnet/aspnetcore#58896
[release/9.0] Fix IIS outofprocess to remove WebSocket compression handshake by @github-actions in [release/9.0] Fix IIS outofprocess to remove WebSocket compression handshake dotnet/aspnetcore#58931

Full Changelog: dotnet/aspnetcore@v9.0.0...v9.0.1

9.0.0

Release

What's Changed

Update branding to rtm by @wtgodbe in Update branding to rtm dotnet/aspnetcore#57907
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#57910
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#57922
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#57954
[release/9.0] Fix skip condition for IIS tests by @wtgodbe in [release/9.0] Fix skip condition for IIS tests dotnet/aspnetcore#57999
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#58032
[release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/runtime dotnet/aspnetcore#58015
[release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/winforms dotnet/aspnetcore#58033
[release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/runtime dotnet/aspnetcore#58048
[automated] Merge branch 'release/9.0-rc2' => 'release/9.0' by @github-actions in [automated] Merge branch 'release/9.0-rc2' => 'release/9.0' dotnet/aspnetcore#57975
[release/9.0] Update dependencies from dotnet/efcore by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore dotnet/aspnetcore#58052
Fix up OpenAPI schema handling and support concurrent requests by @captainsafia in Fix up OpenAPI schema handling and support concurrent requests dotnet/aspnetcore#58024
[release/9.0] Mark API from 9 as shipped by @wtgodbe in [release/9.0] Mark API from 9 as shipped dotnet/aspnetcore#58060
[release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#58034
[release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/runtime dotnet/aspnetcore#58117
[release/9.0] Enable TSA/Policheck by @github-actions in [release/9.0] Enable TSA/Policheck dotnet/aspnetcore#58123
[release/9.0] Add explicit conversion for value-type returning handlers with filters by @github-actions in [release/9.0] Add explicit conversion for value-type returning handlers with filters dotnet/aspnetcore#57967
[release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/xdt dotnet/aspnetcore#58116
[release/9.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 by @dependabot in [release/9.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 dotnet/aspnetcore#58183
[release/9.0] (deps): Bump src/submodules/googletest from 0953a17 to 6dae7eb by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from 0953a17 to 6dae7eb dotnet/aspnetcore#58184
[release/9.0] Change usage of "Country" to "CountryRegion" by @github-actions in [release/9.0] Change usage of "Country" to "CountryRegion" dotnet/aspnetcore#58280
Merge RC2 changes into 9.0 by @wtgodbe in Merge RC2 changes into 9.0 dotnet/aspnetcore#58296
[release/9.0] Remove ProviderKey from Hosting Bundle by @github-actions in [release/9.0] Remove ProviderKey from Hosting Bundle dotnet/aspnetcore#58293
[release/9.0] [Blazor] Fix template nav menu styling by @github-actions in [release/9.0] [Blazor] Fix template nav menu styling dotnet/aspnetcore#58277
[release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#58268
[release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/winforms dotnet/aspnetcore#58159
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#58158
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#58157
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#58182
[release/9.0] Update dependencies from dotnet/efcore by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore dotnet/aspnetcore#58306
[release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/runtime dotnet/aspnetcore#58315
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#58355
[release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/xdt dotnet/aspnetcore#58366
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#58344
[release/9.0] Fix handling for inert route parameters in MVC endpoints for OpenAPI by @github-actions in [release/9.0] Fix handling for inert route parameters in MVC endpoints for OpenAPI dotnet/aspnetcore#58311
[release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/winforms dotnet/aspnetcore#58413
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#58374
[release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#58414
[release/9.0] Fix ModelMetadata for TryParse-parameters in ApiExplorer by @captainsafia in [release/9.0] Fix ModelMetadata for TryParse-parameters in ApiExplorer dotnet/aspnetcore#58372
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#58421
[release/9.0] Stabilize branding by @wtgodbe in [release/9.0] Stabilize branding dotnet/aspnetcore#58444
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#58449
[release/9.0] [Infrastructure] Updated npm packages by @MackinnonBuck in [release/9.0] [Infrastructure] Updated npm packages dotnet/aspnetcore#58469
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#58462
[release/9.0] bumping ws dependency to fix component vulnerability by @github-actions in [release/9.0] bumping ws dependency to fix component vulnerability dotnet/aspnetcore#58458
[release/9.0] Improve dev-certs export error message by @github-actions in [release/9.0] Improve dev-certs export error message dotnet/aspnetcore#58471
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#58475
... (truncated)

9.0.0-rc.2.24474.3

Release

What's Changed

[automated] Merge branch 'release/9.0-rc1' => 'release/9.0' by @github-actions in [automated] Merge branch 'release/9.0-rc1' => 'release/9.0' dotnet/aspnetcore#57420
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#57366
[release/9.0] Add references to new 9.0 branches in .yml files by @wtgodbe in [release/9.0] Add references to new 9.0 branches in .yml files dotnet/aspnetcore#57463
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#57526
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#57446
[release/9.0] Quarantine two CircuitTests by @github-actions in [release/9.0] Quarantine two CircuitTests dotnet/aspnetcore#57606
[automated] Merge branch 'release/9.0-rc1' => 'release/9.0' by @github-actions in [automated] Merge branch 'release/9.0-rc1' => 'release/9.0' dotnet/aspnetcore#57659
[release/9.0] Fix duplicate error.type on kestrel.connection.duration by @github-actions in [release/9.0] Fix duplicate error.type on kestrel.connection.duration dotnet/aspnetcore#57581
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#57668
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#57436
[release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/winforms dotnet/aspnetcore#57527
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#57686
[release/9.0] Update dependencies from dotnet/xdt by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/xdt dotnet/aspnetcore#57691
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#57667
[release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#57528
[release/9.0] Update dependencies from dotnet/efcore by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore dotnet/aspnetcore#57697
[release/9.0] [Blazor] Invoke inbound activity handlers on circuit initialization by @github-actions in [release/9.0] [Blazor] Invoke inbound activity handlers on circuit initialization dotnet/aspnetcore#57678
Disable launching browser on Web API template by @captainsafia in Disable launching browser on Web API template dotnet/aspnetcore#57682
[release/9.0] [Static Assets] Improve development experience by @github-actions in [release/9.0] [Static Assets] Improve development experience dotnet/aspnetcore#57764
Include Readme.md in packages by @wtgodbe in Include Readme.md in packages dotnet/aspnetcore#57809
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#57759
[release/9.0] Update dependencies from dotnet/extensions by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#57760
[release/9.0] Update dependencies from dotnet/winforms by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/winforms dotnet/aspnetcore#57761
[release/9.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#57762
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#57708
HybridCache: relocate to dotnet/extensions by @mgravell in HybridCache: relocate to dotnet/extensions dotnet/aspnetcore#57670
[release/9.0] (deps): Bump src/submodules/googletest from ff233bd to 0953a17 by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from ff233bd to 0953a17 dotnet/aspnetcore#57643
Http.Sys: Clean up Request parsing errors by @BrennanConroy in Http.Sys: Clean up Request parsing errors dotnet/aspnetcore#57531
[release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/runtime dotnet/aspnetcore#57835
[release/9.0] [Identity][Templates] Ensure placeholders don't overlap with text by @github-actions in [release/9.0] [Identity][Templates] Ensure placeholders don't overlap with text dotnet/aspnetcore#57789
[release/9.0] Update dependencies from dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/runtime dotnet/aspnetcore#57858
Fix mapping for nested schemas and [Produces] attributes in OpenAPI implementation by @captainsafia in Fix mapping for nested schemas and [Produces] attributes in OpenAPI implementation dotnet/aspnetcore#57852
[release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/efcore, dotnet/runtime dotnet/aspnetcore#57866
[release/9.0] [Templates] Updates libraries dependencies content by @github-actions in [release/9.0] [Templates] Updates libraries dependencies content dotnet/aspnetcore#57864
[release/9.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#57896
[release/9.0-rc2] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/9.0-rc2] Update dependencies from dotnet/arcade dotnet/aspnetcore#57931
Add registry search for upgrade policy keys by @wtgodbe in Add registry search for upgrade policy keys dotnet/aspnetcore#57952
Check for sentinel value when setting HTTP/3 error code by @amcasey in Check for sentinel value when setting HTTP/3 error code dotnet/aspnetcore#57976
[release/9.0-rc2] [Blazor] Update WebAssembly.DevServer to serve the Blazor-Environment header by @github-actions in [release/9.0-rc2] [Blazor] Update WebAssembly.DevServer to serve the Blazor-Environment header dotnet/aspnetcore#57974
Fix IAsyncEnumerable controller methods to allow setting headers by @BrennanConroy in Fix IAsyncEnumerable controller methods to allow setting headers dotnet/aspnetcore#57924
Add partitioned to cookie for SignalR browser testing by @BrennanConroy in Add partitioned to cookie for SignalR browser testing dotnet/aspnetcore#57997

Full Changelog: dotnet/aspnetcore@v9.0.0-rc.1.24452.1...v9.0.0-rc.2.24474.3

9.0.0-rc.1.24452.1

Release

9.0.0-preview.7.24406.2

Release

9.0.0-preview.6.24328.4

Release

9.0.0-preview.5.24306.11

Release

9.0.0-preview.4.24267.6

Release

9.0.0-preview.3.24172.13

Release

9.0.0-preview.2.24128.4

[Release[(https://github.com/dotnet/core/releases/tag/v9.0.0-preview.2)

9.0.0-preview.1.24081.5

Release

8.0.21

Release

What's Changed

Update branding to 8.0.21 by @vseanreesermsft in Update branding to 8.0.21 dotnet/aspnetcore#63509
[release/8.0] (deps): Bump src/submodules/googletest from 373af2e to eb2d85e by @dependabot[bot] in [release/8.0] (deps): Bump src/submodules/googletest from 373af2e to eb2d85e dotnet/aspnetcore#63500
[release/8.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key by @github-actions[bot] in [release/8.0] Make duplicate deb/rpm packages so we can sign them with the new PMC key dotnet/aspnetcore#63250
[release/8.0] Extend Unofficial 1ES template in IdentityModel nightly tests job by @github-actions[bot] in [release/8.0] Extend Unofficial 1ES template in IdentityModel nightly tests job dotnet/aspnetcore#63466
[release/8.0] Quarantine ResponseBody_WriteContentLength_PassedThrough by @github-actions[bot] in [release/8.0] Quarantine ResponseBody_WriteContentLength_PassedThrough dotnet/aspnetcore#63534
[release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/source-build-reference-packages dotnet/aspnetcore#63261
[release/8.0] Use wait assert in flaky tests by @ilonatommy in [release/8.0] Use wait assert in flaky tests dotnet/aspnetcore#63565
[release/8.0] Update Microsoft.Build versions by @github-actions[bot] in [release/8.0] Update Microsoft.Build versions dotnet/aspnetcore#62507
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#63603
backport(8.0): Fix runtime architecture detection logic in ANCM by @DeagleGross in backport(8.0): Fix runtime architecture detection logic in ANCM dotnet/aspnetcore#63706

Full Changelog: dotnet/aspnetcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Update branding to 8.0.20 by @vseanreesermsft in Update branding to 8.0.20 dotnet/aspnetcore#63106
[release/8.0] (deps): Bump src/submodules/googletest from c67de11 to 373af2e by @dependabot[bot] in [release/8.0] (deps): Bump src/submodules/googletest from c67de11 to 373af2e dotnet/aspnetcore#63038
[release/8.0] Dispose the certificate chain elements with the chain by @MackinnonBuck in [release/8.0] Dispose the certificate chain elements with the chain dotnet/aspnetcore#62994
[release/8.0] Update SignalR Redis tests to use internal Docker Hub mirror by @github-actions[bot] in [release/8.0] Update SignalR Redis tests to use internal Docker Hub mirror dotnet/aspnetcore#63117
[release/8.0] [SignalR] Don't throw for message headers in Java client by @github-actions[bot] in [release/8.0] [SignalR] Don't throw for message headers in Java client dotnet/aspnetcore#62784
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#63152
[release/8.0] Update dependencies from dotnet/extensions by @dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#63188
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#63189

Full Changelog: dotnet/aspnetcore@v8.0.19...v8.0.20

8.0.18

Release

What's Changed

Update branding to 8.0.18 by @vseanreesermsft in Update branding to 8.0.18 dotnet/aspnetcore#62241
[release/8.0] Update Alpine helix references by @github-actions in [release/8.0] Update Alpine helix references dotnet/aspnetcore#62243
[release/8.0] (deps): Bump src/submodules/googletest from 04ee1b4 to e9092b1 by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from 04ee1b4 to e9092b1 dotnet/aspnetcore#62201
[8.0] Delete src/arcade directory by @akoeplinger in [8.0] Delete src/arcade directory dotnet/aspnetcore#61994
[Backport 8.0] [IIS] Manually parse exe bitness (#61894) by @BrennanConroy in [Backport 8.0] [IIS] Manually parse exe bitness (#61894) dotnet/aspnetcore#62037
[release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-reference-packages dotnet/aspnetcore#62006
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#61944
[release/8.0] Associate tagged keys with entries so replacements are not evicted by @github-actions in [release/8.0] Associate tagged keys with entries so replacements are not evicted dotnet/aspnetcore#62247
[release/8.0] Block test that is failing after switching to latest-chrome by @github-actions in [release/8.0] Block test that is failing after switching to latest-chrome dotnet/aspnetcore#62284
backport(net8.0): http.sys on-demand TLS client hello retrieval by @DeagleGross in backport(net8.0): http.sys on-demand TLS client hello retrieval dotnet/aspnetcore#62290
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#62302

Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18

8.0.17 Bug Fixes

Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#61623)
The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.

Dependency Updates

Update dependencies from dotnet/arcade (#61832)
This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.
Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#61761)
The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.

Miscellaneous

Update branding to 8.0.17 (#61830)
The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.
Merging internal commits for release/8.0 (#61924)
This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Update branding to 8.0.16 by @vseanreesermsft in Update branding to 8.0.16 dotnet/aspnetcore#61283
[release/8.0] (deps): Bump src/submodules/googletest from 24a9e94 to 52204f7 by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from 24a9e94 to 52204f7 dotnet/aspnetcore#61260
[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#61281
[release/8.0] Upgrade to Ubuntu 22 by @wtgodbe in [release/8.0] Upgrade to Ubuntu 22 dotnet/aspnetcore#61216
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#60901
[release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-reference-packages dotnet/aspnetcore#60926
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#61404
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#61398
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#61411
Revert "Revert "[release/8.0] Update remnants of azureedge.net"" by @wtgodbe in Revert "Revert "[release/8.0] Update remnants of azureedge.net"" dotnet/aspnetcore#60352
[release/8.0] Fix preserving messages for stateful reconnect with backplane by @BrennanConroy in [release/8.0] Fix preserving messages for stateful reconnect with backplane dotnet/aspnetcore#61375
[release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-reference-packages dotnet/aspnetcore#61442
fetch TLS client hello message from HTTP.SYS by @BrennanConroy in fetch TLS client hello message from HTTP.SYS dotnet/aspnetcore#61494

Full Changelog: dotnet/aspnetcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#60355
Update branding to 8.0.15 by @vseanreesermsft in Update branding to 8.0.15 dotnet/aspnetcore#60784
Add partitioned to cookie for SignalR browser testing by @BrennanConroy in Add partitioned to cookie for SignalR browser testing dotnet/aspnetcore#60728
[release/8.0] (deps): Bump src/submodules/googletest from e235eb3 to 24a9e94 by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from e235eb3 to 24a9e94 dotnet/aspnetcore#60677
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#60879

Full Changelog: dotnet/aspnetcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Update branding to 8.0.14 by @vseanreesermsft in Update branding to 8.0.14 dotnet/aspnetcore#60197
[release/8.0] (deps): Bump src/submodules/googletest from 7d76a23 to e235eb3 by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from 7d76a23 to e235eb3 dotnet/aspnetcore#60150
[release/8.0] Fix java discovery in IdentityModel pipeline by @wtgodbe in [release/8.0] Fix java discovery in IdentityModel pipeline dotnet/aspnetcore#60075
[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#60199
[release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-reference-packages dotnet/aspnetcore#59922
[release/8.0] Readd DiagnosticSource to KestrelServerImpl by @github-actions in [release/8.0] Readd DiagnosticSource to KestrelServerImpl dotnet/aspnetcore#60203
[release/8.0] Update to MacOS 15 in Helix by @github-actions in [release/8.0] Update to MacOS 15 in Helix dotnet/aspnetcore#60239
[release/8.0] Use the latest available JDK by @wtgodbe in [release/8.0] Use the latest available JDK dotnet/aspnetcore#60233
[release/8.0] Fix skip condition for java tests by @github-actions in [release/8.0] Fix skip condition for java tests dotnet/aspnetcore#60243
[release/8.0] Update list of helix queues to skip by @wtgodbe in [release/8.0] Update list of helix queues to skip dotnet/aspnetcore#60231
[release/8.0] [Blazor] Allow cascading value subscribers to get added and removed during change notification by @github-actions in [release/8.0] [Blazor] Allow cascading value subscribers to get added and removed during change notification dotnet/aspnetcore#57288
[release/8.0] Update remnants of azureedge.net by @sebastienros in [release/8.0] Update remnants of azureedge.net dotnet/aspnetcore#60264
[release/8.0] Centralize on one docker container by @wtgodbe in [release/8.0] Centralize on one docker container dotnet/aspnetcore#60299
Revert "[release/8.0] Update remnants of azureedge.net" by @wtgodbe in Revert "[release/8.0] Update remnants of azureedge.net" dotnet/aspnetcore#60324
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#60316

Full Changelog: dotnet/aspnetcore@v8.0.13...v8.0.14

8.0.13

Release

What's Changed

[release/8.0] Update dotnetbuilds CDN to new endpoint by @mmitche in [release/8.0] Update dotnetbuilds CDN to new endpoint dotnet/aspnetcore#59575
Update branding to 8.0.13 by @vseanreesermsft in Update branding to 8.0.13 dotnet/aspnetcore#59756
[release/8.0] Skip MVC template tests on HelixQueueArmDebian12 by @wtgodbe in [release/8.0] Skip MVC template tests on HelixQueueArmDebian12 dotnet/aspnetcore#59295
[release/8.0] Update OSX helix queue by @github-actions in [release/8.0] Update OSX helix queue dotnet/aspnetcore#59742
[release/8.0] (deps): Bump src/submodules/googletest from d144031 to 7d76a23 by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from d144031 to 7d76a23 dotnet/aspnetcore#59678
[release/8.0] Skip tests on internal queues too by @github-actions in [release/8.0] Skip tests on internal queues too dotnet/aspnetcore#59579
[release/8.0] Fix Kestrel host header mismatch handling when port in Url by @BrennanConroy in [release/8.0] Fix Kestrel host header mismatch handling when port in Url dotnet/aspnetcore#59403
Migrate off of Debian 11 by @v-firzha in Migrate off of Debian 11 dotnet/aspnetcore#59584
[release/8.0] Pin to S.T.J 8.0.5 in Analyzers by @wtgodbe in [release/8.0] Pin to S.T.J 8.0.5 in Analyzers dotnet/aspnetcore#59777
[release/8.0] [Blazor WASM standalone] Avoid caching index.html during development by @github-actions in [release/8.0] [Blazor WASM standalone] Avoid caching index.html during development dotnet/aspnetcore#59349
Update to Fedora 41 by @BrennanConroy in Update to Fedora 41 dotnet/aspnetcore#59817
[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#59811
[release/8.0] Update dependencies from dotnet/source-build-reference-packages by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-reference-packages dotnet/aspnetcore#59825
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#59864
[release/8.0] Fix/update docker tags by @wtgodbe in [release/8.0] Fix/update docker tags dotnet/aspnetcore#59867
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#59872

Full Changelog: dotnet/aspnetcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Update branding to 8.0.12 by @vseanreesermsft in Update branding to 8.0.12 dotnet/aspnetcore#58800
[release/8.0] (deps): Bump src/submodules/googletest from 6dae7eb to 1204d63 by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from 6dae7eb to 1204d63 dotnet/aspnetcore#58741
Add scope for internal npm packages by @BrennanConroy in Add scope for internal npm packages dotnet/aspnetcore#58512
[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#58477
[release/8.0] Upgrade serialize-javascript transient dependency by @MackinnonBuck in [release/8.0] Upgrade serialize-javascript transient dependency dotnet/aspnetcore#58466
[release/8.0] Update Messagepack dependency by @wtgodbe in [release/8.0] Update Messagepack dependency dotnet/aspnetcore#58676
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#58898
[release/8.0] Use MacOS-13 in CI by @wtgodbe in [release/8.0] Use MacOS-13 in CI dotnet/aspnetcore#58549
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#59065
[release/8.0] Fix java discovery in helix-matrix by @wtgodbe in [release/8.0] Fix java discovery in helix-matrix dotnet/aspnetcore#59181
[release/8.0] Update dependencies from dotnet/roslyn by @wtgodbe in [release/8.0] Update dependencies from dotnet/roslyn dotnet/aspnetcore#59184
[release/8.0] (deps): Bump src/submodules/googletest from 1204d63 to d144031 by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from 1204d63 to d144031 dotnet/aspnetcore#59033

Full Changelog: dotnet/aspnetcore@v8.0.11...v8.0.12

8.0.11

Release

What's Changed

Update branding to 8.0.11 by @vseanreesermsft in Update branding to 8.0.11 dotnet/aspnetcore#58198
[release/8.0] (deps): Bump src/submodules/googletest from ff233bd to 6dae7eb by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from ff233bd to 6dae7eb dotnet/aspnetcore#58180
[release/8.0] Add explicit conversion for value-type returning handlers with filters by @captainsafia in [release/8.0] Add explicit conversion for value-type returning handlers with filters dotnet/aspnetcore#57966
[release/8.0] Stop using Mac 11 in Helix by @wtgodbe in [release/8.0] Stop using Mac 11 in Helix dotnet/aspnetcore#58063
[release/8.0] Enable TSA/Policheck by @github-actions in [release/8.0] Enable TSA/Policheck dotnet/aspnetcore#58124
[release/8.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 by @dependabot in [release/8.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 dotnet/aspnetcore#58179
[Backport] Http.Sys: Clean up Request parsing errors by @BrennanConroy in [Backport] Http.Sys: Clean up Request parsing errors dotnet/aspnetcore#57819
[release/8.0] Update the Microsoft.Identity.Web versions used by project templates by @halter73 in [release/8.0] Update the Microsoft.Identity.Web versions used by project templates dotnet/aspnetcore#58229
Add registry search for upgrade policy keys, update dependencies from Arcade by @dotnet-maestro in Add registry search for upgrade policy keys, update dependencies from Arcade dotnet/aspnetcore#58278
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#58300
[release/8.0] Remove ProviderKey from Hosting Bundle by @github-actions in [release/8.0] Remove ProviderKey from Hosting Bundle dotnet/aspnetcore#58294
[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#58352
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#58347
[release/8.0] Improve dev-certs export error message by @amcasey in [release/8.0] Improve dev-certs export error message dotnet/aspnetcore#58470
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#58474

Full Changelog: dotnet/aspnetcore@v8.0.10...v8.0.11

8.0.10

Release

8.0.8

Release

8.0.7

Release

8.0.6

Release

8.0.5

Release

What's Changed

[release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/source-build-externals dotnet/aspnetcore#54744
Update branding to 8.0.5 by @vseanreesermsft in Update branding to 8.0.5 dotnet/aspnetcore#54907
[release/8.0] Convert to 1ES templates by @RussKie in [release/8.0] Convert to 1ES templates dotnet/aspnetcore#54660
Increase logs and delays in CanLaunchPhotinoWebViewAndClickButton by @Eilon in Increase logs and delays in CanLaunchPhotinoWebViewAndClickButton dotnet/aspnetcore#54608
[release/8.0] (deps): Bump src/submodules/googletest from 31993df to 77afe8e by @dependabot in [release/8.0] (deps): Bump src/submodules/googletest from 31993df to 77afe8e dotnet/aspnetcore#54872
[release/8.0] Reduce helix-matrix timeout to 5 hours by @github-actions in [release/8.0] Reduce helix-matrix timeout to 5 hours dotnet/aspnetcore#54778
[release/8.0] Preserve RemoteAuthenticationContext during trimming if used in JS interop by @halter73 in [release/8.0] Preserve RemoteAuthenticationContext during trimming if used in JS interop dotnet/aspnetcore#54655
[release/8.0] Improve usage of Type.GetType when activating types in data protection by @github-actions in [release/8.0] Improve usage of Type.GetType when activating types in data protection dotnet/aspnetcore#54762
[release/8.0] Fix route analyzer performance with highly concatenated strings by @github-actions in [release/8.0] Fix route analyzer performance with highly concatenated strings dotnet/aspnetcore#54763
[release/8.0] Suppress .ps1 SDL errors by @wtgodbe in [release/8.0] Suppress .ps1 SDL errors dotnet/aspnetcore#54915
[release/8.0] Backport test fixes by @MackinnonBuck in [release/8.0] Backport test fixes dotnet/aspnetcore#54912
[release/8.0] Skip SpotBugs for now by @wtgodbe in [release/8.0] Skip SpotBugs for now dotnet/aspnetcore#54952
Merging internal commits for release/8.0 by @vseanreesermsft in Merging internal commits for release/8.0 dotnet/aspnetcore#55034
[release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro in [release/8.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#55061
[release/8.0] Update Wix version by @github-actions in [release/8.0] Update Wix version dotnet/aspnetcore#55101

Full Changelog: dotnet/aspnetcore@v8.0.4...v8.0.5

8.0.4

Release

8.0.3

Release

8.0.2

Release

8.0.1

Release

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

--- updated-dependencies: - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 9.0.10 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-10-31T19:12:08Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

nuget/Microsoft.AspNetCore.Authentication.JwtBearer

9.0.10

🟢 6.2

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 8	Found 8/9 approved changesets -- score normalized to 8
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	🟢 10	security policy file detected
License	🟢 10	license file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 7	3 existing vulnerabilities detected
Binary-Artifacts	🟢 9	binaries present in source code
Pinned-Dependencies	🟢 6	dependency not pinned by hash detected -- score normalized to 6

nuget/Microsoft.IdentityModel.Abstractions

8.0.1

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	22 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during GetBranch(dev7x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

nuget/Microsoft.IdentityModel.JsonWebTokens

8.0.1

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	22 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during GetBranch(dev7x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

nuget/Microsoft.IdentityModel.Logging

8.0.1

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	22 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during GetBranch(dev7x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

nuget/Microsoft.IdentityModel.Protocols

8.0.1

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	22 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during GetBranch(dev7x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

nuget/Microsoft.IdentityModel.Protocols.OpenIdConnect

8.0.1

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	22 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during GetBranch(dev7x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

nuget/Microsoft.IdentityModel.Tokens

8.0.1

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	22 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during GetBranch(dev7x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

nuget/System.IdentityModel.Tokens.Jwt

8.0.1

🟢 7.2

Details

Check	Score	Reason
Maintained	🟢 10	22 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during GetBranch(dev7x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
SAST	🟢 10	SAST tool is run on all commits

Scanned Files

VulnerableApi/VulnerableApi.csproj

dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Oct 31, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.0 to 9.0.10 #2

Bump Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.0 to 9.0.10 #2

Uh oh!

dependabot bot commented on behalf of github Oct 31, 2025

Uh oh!

github-actions bot commented Oct 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.0 to 9.0.10 #2

Are you sure you want to change the base?

Bump Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.0 to 9.0.10 #2

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 31, 2025

9.0.10

What's Changed

9.0.9

What's Changed

9.0.7

What's Changed

9.0.6

Bug Fixes

Dependency Updates

Miscellaneous

9.0.5

What's Changed

9.0.4

What's Changed

9.0.3

What's Changed

9.0.2

What's Changed

9.0.1

What's Changed

9.0.0

What's Changed

9.0.0-rc.2.24474.3

What's Changed

9.0.0-rc.1.24452.1

9.0.0-preview.7.24406.2

9.0.0-preview.6.24328.4

9.0.0-preview.5.24306.11

9.0.0-preview.4.24267.6

9.0.0-preview.3.24172.13

9.0.0-preview.2.24128.4

9.0.0-preview.1.24081.5

8.0.21

What's Changed

8.0.20

What's Changed

8.0.18

What's Changed

8.0.17

Bug Fixes

Dependency Updates

Miscellaneous

8.0.16

What's Changed

8.0.15

What's Changed

8.0.14

What's Changed

8.0.13

What's Changed

8.0.12

What's Changed

8.0.11

What's Changed

8.0.10

8.0.8

8.0.7

8.0.6

8.0.5

What's Changed

8.0.4

8.0.3

8.0.2

8.0.1

Uh oh!

github-actions bot commented Oct 31, 2025

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Reviewers

Assignees

Labels

Projects