Training
Module
Guide to Secure .NET Development with OWASP Top 10 - Training
Evaluate security risks that come with insecure application development patterns and practices
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
If you're migrating an app to .NET 9, the breaking changes listed here might affect you. Changes are grouped by technology area, such as ASP.NET Core or Windows Forms.
This article categorizes each breaking change as binary incompatible or source incompatible, or as a behavioral change:
Binary incompatible - When run against the new runtime or component, existing binaries may encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
Source incompatible - When recompiled using the new SDK or component or to target the new runtime, existing source code may require source changes to compile successfully.
Behavioral change - Existing code and binaries may behave differently at run time. If the new behavior is undesirable, existing code would need to be updated and recompiled.
Note
This article is a work in progress. It's not a complete list of breaking changes in .NET 9. To query breaking changes that are still pending publication, see Issues of .NET.
Title | Type of change | Introduced version |
---|---|---|
DefaultKeyResolution.ShouldGenerateNewKey has altered meaning | Behavioral change | Preview 3 |
Dev cert export no longer creates folder | Behavioral change | RC 1 |
HostBuilder enables ValidateOnBuild/ValidateScopes in development environment | Behavioral change | Preview 7 |
Legacy Mono and Emscripten APIs not exported to global namespace | Source incompatible | GA |
Middleware types with multiple constructors | Behavioral change | RC 1 |
Title | Type of change | Introduced version |
---|---|---|
Container images no longer install zlib | Behavioral change | Preview 7 |
.NET Monitor images simplified to version-only tags | Behavioral change | Preview 5 |
Title | Type of change | Introduced version |
---|---|---|
SafeEvpPKeyHandle.DuplicateHandle up-refs the handle | Behavioral change | Preview 7 |
Some X509Certificate2 and X509Certificate constructors are obsolete | Source incompatible | Preview 7 |
Windows private key lifetime simplified | Behavioral change | Preview 7 |
Title | Type of change | Introduced version |
---|---|---|
Deprecated desktop Windows/macOS/Linux MonoVM runtime packages | Source incompatible | Preview 7 |
Title | Type of change | Introduced version |
---|---|---|
CET supported by default | Binary incompatible | Preview 6 |
Title | Type of change | Introduced version |
---|---|---|
Floating point to integer conversions are saturating | Behavioral change | Preview 4 |
Some SVE APIs removed | Source incompatible | RC 2 |
Title | Type of change | Introduced version |
---|---|---|
API obsoletions | Source incompatible | Preview 6 |
HttpClient metrics report server.port unconditionally |
Behavioral change | Preview 7 |
HttpClientFactory logging redacts header values by default | Behavioral change | RC 1 |
HttpClientFactory uses SocketsHttpHandler as primary handler | Behavioral change | Preview 6 |
HttpListenerRequest.UserAgent is nullable | Source incompatible | Preview 1 |
URI query redaction in HttpClient EventSource events | Behavioral change | Preview 7 |
URI query redaction in IHttpClientFactory logs | Behavioral change | Preview 7 |
Title | Type of change | Introduced version |
---|---|---|
dotnet restore audits transitive packages |
Behavioral change | Preview 6 |
dotnet watch incompatible with Hot Reload for old frameworks |
Behavioral change | RC 1 |
dotnet workload commands output change |
Behavioral change | Preview 1 |
installer repo version no longer documented |
Behavioral change | Preview 5 |
Terminal logger is default | Behavioral change | Preview 1 |
Version requirements for .NET 9 SDK | Source incompatible | GA |
Warning emitted for .NET Standard 1.x target | Source incompatible | Preview 6 |
Warning emitted for .NET 7 target | Source incompatible | GA |
Title | Type of change | Introduced version |
---|---|---|
BinaryFormatter always throws | Behavioral change | Preview 6 |
Nullable JsonDocument properties deserialize to JsonValueKind.Null | Behavioral change | Preview 1 |
Title | Type of change | Introduced version |
---|---|---|
BindingSource.SortDescriptions doesn't return null | Behavioral change | Preview 1 |
Changes to nullability annotations | Source incompatible | Preview 1 |
ComponentDesigner.Initialize throws ArgumentNullException | Behavioral change | Preview 1 |
DataGridViewRowAccessibleObject.Name starting row index | Behavioral change | Preview 1 |
IMsoComponent support is opt-in | Behavioral change | Preview 2 |
New security analyzers | Source incompatible | RC 1 |
No exception if DataGridView is null | Behavioral change | Preview 1 |
PictureBox raises HttpClient exceptions | Behavioral change | Preview 6 |
Title | Type of change | Introduced version |
---|---|---|
GetXmlNamespaceMaps type change |
Behavioral change/Source incompatible | Preview 3 |
.NET feedback
.NET is an open source project. Select a link to provide feedback:
Training
Module
Guide to Secure .NET Development with OWASP Top 10 - Training
Evaluate security risks that come with insecure application development patterns and practices