.NET June 2025 Update

Release Notes

• 9.0.6
• 8.0.17

Status

Issues

Please report any issues you find either by responding to this issue, creating a new issue or creating a new issue in one of the following repos:

• ASP.NET Core: dotnet/aspnetcore
• Entity Framework Core: dotnet/efcore
• .NET CLI/SDK dotnet/sdk
• .NET runtime dotnet/runtime
• Winforms: dotnet/winforms
• WPF: dotnet/wpf
• NuGet: nuget/home
• Containers: dotnet/dotnet-docker
• Winget: microsoft/winget-pkgs

Known Issues

.NET 8.0.17 & .NET 9.0.6 Breaking Change

Breaking Change: UseForwardedHeaders middleware now always checks ForwardedHeadersOptions.KnownNetworks and ForwardedHeadersOptions.KnownProxies

UseForwardedHeaders middleware now always checks ForwardedHeadersOptions.KnownNetworks and ForwardedHeadersOptions.KnownProxies. Because both KnownNetworks and KnownProxies default to Loopback this means deployed applications may fail to apply X-Forwarded-* headers resulting in properties like scheme and host not being updated which can have side-effects e.g. UseHttpsRedirection() might always see http and always redirecting the request.

The recommended fix is to set the KnownNetworks and KnownProxies values to the appropriate values. See https://learn.microsoft.com/aspnet/core/host-and-deploy/proxy-load-balancer for more details on using proxies and UseForwardedHeaders(). Alternatively, if you are fine accepting X-Forwarded-* headers from any source, which introduces security vulnerabilities, you can clear the KnownNetworks and KnownProxies properties.