Microsoft has urged developers still using the long-term support (LTS) release of .NET Core 3.1 to migrate to the latest .NET Core versions until it reaches the end of support (EOS) next month.
The company warned customers on the Windows message center to upgrade to .NET 6 (LTS) or .NET 7 "as soon as possible" before .NET Core 3.1 (LTS) reaches EOS on December 13, 2022.
As Dominique Whittaker, the Senior Program Manager responsible for .NET Core and .NET Native releases, warned this July, Microsoft will stop providing technical support or servicing updates after EOS.
"We recommend moving to .NET 6 as soon as possible. If you are still using .NET Core 3.1 after the end of support date, you’ll need to update your app to .NET 6 or .NET 7 to remain supported and continue to receive .NET updates," Whittaker said.
While .NET Core 3.1 apps will still run after the EOS is reached in less than a month, they will be exposed to attacks targeting any of the security vulnerabilities patched in .NET Core 6 since its initial release in November 2021.
Whittaker also shared detailed steps on how software vendors and developers can upgrade to .NET 6 (LTS) and how to update their development environment.
"If you’re migrating an app to .NET 6, some breaking changes might affect you. We recommend you to go through the compatibility check," the Microsoft PM added.
Those who want to migrate to the latest available release can upgrade to .NET 7, which was released earlier this month on November 8th and will be supported for 18 months.
".NET 7 brings your apps increased performance and new features for C# 11/F# 7, .NET MAUI, ASP.NET Core/Blazor, Web APIs, WinForms, WPF and more," the .NET team said.
"With .NET 7, you can also easily containerize your .NET 7 projects, set up CI/CD workflows in GitHub actions, and achieve cloud-native observability."
In April, Microsoft also warned developers to migrate their apps away from .NET Framework 4.5.2, 4.6, and 4.6.1 to at least .NET Framework 4.6.2 or later before they reached their EOS on April 26, to continue receiving security updates and technical support.
These three .NET Framework versions were retired after the switch to SHA-2 signing because they were digitally signed with certificates using the legacy and insecure SHA-1 cryptographic hashing algorithm.
Comments
ZeroYourHero - 1 year ago
I wish they would get their code right the first time. It seems to be a VERY dubious sales model that makes customers make reoccurring payments to software vendors to fix their programming mistakes and misjudgments year after year. We really should only be paying for more useful features.
NoneRain - 1 year ago
That's the point with the article. .NET Core 3.1 has its "code right". The thing is, tech evolves, enterprise can't support frameworks forever while simultaneously pushing new stuff. That's why everything have EOS, and you can migrate to .NET 7.
Also, what you're asking for is impossible. Not a single piece of software is immune to vulnerabilities, and asking for enterprise to support things indefinitely goes against the purpose of financing the dev. of the software in the first place.
The solution to this is in part FOSS, but even on that, you can't support all versions forever, and there are a lot of private investment that keeps the code with the minimum number of "mistakes and misjudgments".
Not all vulns. exist based on mistakes, tho.
SoftwareEngineer248 - 1 year ago
.NET upgrades are free. You can download them by going to https://dotnet.microsoft.com/en-us/download and https://dotnet.microsoft.com/en-us/download/dotnet-framework . Note that security updates are installed automatically by Windows Update (you may have to enable the "Receive updates for other Microsoft products" Windows Update setting for this to occur).
Bitbeisser - 1 year ago
<p>It's problems like this that I stay away from .NET as far as I could throw it. It's enough that I am running into .NET dependency hell in the sysadmin part of my job all the time. You need (or are forced) to upgrade to the latest version on one side, but then you need to install or just run a previously installed older version of a software that requires and older version of .NET and as soon as you get that fixed, something that depends on the newer version starts to barf. One example is having to support the latest version of Quickbooks, but then the same user needs to install a 2016 version (just as an example) of Turbo Tax to (re)file an older tax return. Playing version ping pong between those two results in days of fun. NOT.</p>
SoftwareEngineer248 - 1 year ago
In general, different versions of .NET can co-exist. For example, you can run .NET apps which are built for .NET Framework 4.5 on a machine with the .NET Framework 4.8.1 (the latest version). Hopefully, you are not running into a case where an app depends on a specific version (i.e. it requires .NET Framework 4.5 because a bug prevents it from running on later versions).
Also, the newer .NET Core / .NET releases can be installed side by side (i.e. you can have .NET Core 3.1, .NET Core 6 and .NET Core 7 all installed on the same machine).
Note there are two types of .NET. The first and oldest is the .NET Framework. It was released in the early 2000s and its current version is 4.8.1. The newest type is called .NET Core or .NET. .NET Core versions 1.0 - .3.1 and .NET 5-7 are examples of this type.
The main difference between the two types is the newer type has a shorter support life cycle (3 years for LTS versions) and the newer version is cross platform (i.e. runs on Windows, Linux and Mac). Porting between from the new to old version is fairly easy.