NuGet 6.3 Release Notes
NuGet distribution vehicles:
| NuGet version | Available in Visual Studio version | Available in .NET SDK(s) |
|---|---|---|
| 6.3 | Visual Studio 2022 version 17.3 | 6.0.4001 |
| 6.3.1 | Visual Studio 2022 version 17.3 | 6.0.4021 |
| 6.3.3 | N/A | 6.0.4101 |
| 6.3.4 | N/A | 6.0.4191 |
1 Installed with Visual Studio 17.3 with.NET Core workload
Summary: What's New in 6.3.4
- [Security]: Microsoft Security Advisory CVE-2024-0057 | NuGet Client Security Feature bypass Vulnerability - #12653
Summary: What's New in 6.3.3
- [Security]: Microsoft Security Advisory CVE-2023-29337 | NuGet Client Remote Code Execution Vulnerability - #12653
Note
There is a behavior breaking change on Linux. The temp folder location, where NuGet stores temporary files during its various operations, has changed from /tmp/NuGetScratch to /tmp/NuGetScratch<username>. E.g. for user User1, the temp folder will be /tmp/NuGetScratchUser1.
Summary: What's New in 6.3.1
- [Security]: Microsoft Security Advisory CVE-2022-41032 | .NET Elevation of Privilege Vulnerability - #12149
Summary: What's New in 6.3
[Feature] Allow to user to input custom (floating) versions through the PM UI - #9829 #3788
[Feature] NuGet warns when duplicate PackageReference, PackageVersion or PackageDownload items are specified - #9467 #9864
When using Central Package Management, Visual Studio no longer errors when installing packages and instead the project and central package management file are updated - #11828
NuGet.Common, NuGet.Configuration, NuGet.Frameworks, NuGet.Packaging.Extraction and NuGet.Versioning no longer support net45 or net40 - #11830
Issues fixed in this release
DCRs:
[DCR]: Print sources in NU1507 - #11715
[DCR]: Only cancel VS cred provider requests if VS is closing - #11970
For C++/CLI PackageReference projects, NuGet should ignore the TargetPlatformMoniker - #11808
[DCR]: Include caught exceptions as inner exceptions when rethrowing (in MsBuildUtility) - #11766
Specifying both -f ... and -r ... to dotnet build fails to restore if multiple frameworks are present in the project file - #11653
PackageSourceMapping public constructor - #11609
Add support for system and fallback certificate bundles - #11263
Bugs:
[Bug]: X.509 trust store isn't initialized in
dotnet add packageand SDK resolver code paths - #11956Cache DTE service in VS Solution Manager - #11902
Nuget CPS references reader is forcing all vc projects to be fully loaded - #11877
Make dotnet package verification env var value comparison case insensitive - #11876
Using JsonTextWriter manually in LockFileFormat - #11870
Extra allocations in EqualityUtility - #11867
[Bug]: Boxing of structs to compute hashcode is causing excessive allocations - #11866
When restore raises an NU1301, build might fail with a
project.assets.json doesn't have a target for 'net6.0-windows10.0.19041.0like error that's a red herring - #11862[Bug]: Package source option "All" appears unsorted in the in the list when using VS in non-English languages - #11857
[Bug]: [Bug Bash] The “Version” dropdown box is blank in “Consolidate” tab of solution-level PM UI - #11806
PackageDownload multiple versions doesn't work in Visual Studio. - #11798
[Bug]: Visual Studio restore sometimes sets originalTargetFrameworks incorrectly in project.assets.json - #11795
[Bug]: NuGet does not retry some HTTP timeouts - #11779
[Bug]: misspelling in RestoreCommandCannotDeterminePackagesFolder_deu - #11774
Update SPDX licenses to bb0099c - #11765
"Illegal characters in path" (Solution Directory) - #11764
NuGet Package Manager window causes persistent WPF frame rate spike due to a runaway animation - #11746
[Bug]: PM UI version list only shows a single latest version - #11734
Large number of allocations while processing package references - #11733
Unnecessary Allocations in SemanticVersion.ParseSections() - #11732
[Bug]: new warning for package source mappings doesn't pass a value for the resource string placeholder - #11709
[Bug]: Central package management breaks no-op restores - #11696
[Bug]: MsBuild version is not parsed correctly when -MsBuildPath option is passed to nuget.exe restore - #11689
[Bug]: Very slow restore or OOM when using NoWarn - #11669
[Bug]: Automatic credential plugin discovery is broken when 64 bit msbuild.exe is used by nuget.exe - #11623
[Bug]: Reduce memory allocation while detecting cycles or potential degrades in package versions during restore - #11614
Avoid JTF.Run wrapped property retrieval, use async methods instead. - #11199
.nupkg.metadata locked and being used by another process - #10882
Unexpected error “Your project file doesn’t list ‘win’ as a “RuntimeIdentifier”” occurs when building the solution after enabling “RestoreLockedMode” - #10590
NuGet.exe pack issues a warning (NU5128) when packing a project file - #8713
Transitive lock files (with wildcard) result in NU1004 - #8465
Enhance the experimentation infrastructure in NuGet code to support transitive dependencies - #10758
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for