jprdonnelly/core
1
0
Fork 0
mirror of synced 2025-12-25 02:14:57 -05:00
Code Issues Projects Releases Wiki Activity

Update known-issues.md (#9935)

Browse Source
This commit is contained in:
Rahul Bhandari
2025-06-12 13:59:42 -07:00
committed by GitHub
parent c6c9df5f56
commit 27747ce8ba
1 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
release-notes/9.0/known-issues.md
View File

@@ -2,14 +2,6 @@
You may encounter the following known issues, which may include workarounds, mitigations, or expected resolution timeframes.
## ASP.NET
### [9.0.6] Breaking Change: UseForwardedHeaders middleware now always checks ForwardedHeadersOptions.KnownNetworks and ForwardedHeadersOptions.KnownProxies
`UseForwardedHeaders` middleware now always checks `ForwardedHeadersOptions.KnownNetworks` and `ForwardedHeadersOptions.KnownProxies`. Because both `KnownNetworks` and `KnownProxies` default to Loopback this means deployed applications may fail to apply `X-Forwarded-*` headers resulting in properties like scheme and host not being updated which can have side-effects e.g. `UseHttpsRedirection()` might always see http and always redirecting the request.
The recommended fix is to set the `KnownNetworks` and `KnownProxies` values to the appropriate values. See https://learn.microsoft.com/aspnet/core/host-and-deploy/proxy-load-balancer for more details on using proxies and `UseForwardedHeaders()`. Alternatively, if you are fine accepting `X-Forwarded-*` headers from any source, which introduces security vulnerabilities, you can clear the `KnownNetworks` and `KnownProxies` properties.
## .NET WPF
### 1. Usage of incorrect types as DynamicResource
@@ -133,6 +125,12 @@ If you had previously specified the `WindowsSdkPackageVersion` property to fix t
## ASP.NET Core
### [9.0.6] Breaking Change: UseForwardedHeaders middleware now always checks ForwardedHeadersOptions.KnownNetworks and ForwardedHeadersOptions.KnownProxies
`UseForwardedHeaders` middleware now always checks `ForwardedHeadersOptions.KnownNetworks` and `ForwardedHeadersOptions.KnownProxies`. Because both `KnownNetworks` and `KnownProxies` default to Loopback this means deployed applications may fail to apply `X-Forwarded-*` headers resulting in properties like scheme and host not being updated which can have side-effects e.g. `UseHttpsRedirection()` might always see http and always redirecting the request.
The recommended fix is to set the `KnownNetworks` and `KnownProxies` values to the appropriate values. See https://learn.microsoft.com/aspnet/core/host-and-deploy/proxy-load-balancer for more details on using proxies and `UseForwardedHeaders()`. Alternatively, if you are fine accepting `X-Forwarded-*` headers from any source, which introduces security vulnerabilities, you can clear the `KnownNetworks` and `KnownProxies` properties.
### Microsoft.AspNetCore.Components.CustomElements package not published in 9.0.3
The Microsoft.AspNetCore.Components.CustomElements package will not ship in version 9.0.3. A blocking issue was discovered late in the release cycle, so the package will not ship until version 9.0.4, which will contain the fix.