Critical: .NET install domains and URLs are changing #9671
Comments
|
Is there a risk that a malicious party later acquires azureedge.net and starts serving malware to systems that still use the old URLs? From WHOIS, it looks like azureedge.net is registered to Microsoft, not to Edgio. (Just wondering how urgent it is to update URLs in old version-control branches that are not actively developed but might get built some day.) Have there been any NuGet feeds in the domain? |
|
@KalleOlaviNiemitalo we took it over, so it won’t be taken away. |
so why not keep the current urls for like 1-2 more dont net versions so after .net 11 you have to use the new urls this would give people time to update their whitelists |
@KalleOlaviNiemitalo
|
Given this issue I'm wondering when Microsoft will provide their own domain registrar on Azure to prevent such issues in the future. Currently this is the only thing that is really missing on the Azure platform. I can host virtually anything on Azure but when it comes to domains I still need to resort to a third party. I can point all my nameservers to Azure, sure. But the domain itself needs to be hosted somewhere else. |
|
Does this affect the installers in the Azure Devops pipelines? We use a mix of classic and Yaml pipelines. |
Yes, it does.
|
Something maybe worth emphasizing is that consumers need to make sure they aren't using an overly-specific version of the action in order to receive this update. In our community we found many instances of people explicitly using |
|
Good point. I made a couple edits to clarify. |
|
Are you making any changes to docker images? |
|
This is the outstanding PR for our container images: dotnet/dotnet-docker#6125. However, your error looks like a standard network problem. It has nothing to do with this issue. None of the problematic changes have been made yet and I don't believe that MCR uses edgio CDN or the azureedge.net domain. |
Needed for .NET CDN change see dotnet/core#9671 and: AzureAD/microsoft-identity-web#3175 Signed-off-by: Keegan <[email protected]>
Bump the update-dotnet-sdk action to v3.4.0 to pick up changes to react to dotnet/core#9671.
Bump the update-dotnet-sdk action to v3.4.0 to pick up changes to react to dotnet/core#9671.
Bump the update-dotnet-sdk action to v3.4.0 to pick up changes to react to dotnet/core#9671.
Needed for .NET CDN change see dotnet/core#9671 and: AzureAD/microsoft-identity-web#3175 Signed-off-by: Keegan <[email protected]>
* Needed for .net cdn change see dotnet/core#9671 and: AzureAD/microsoft-identity-web#3175 * Update codeql action to setup .NET 9
Some .NET binaries and installers are hosted on Azure Content Delivery Network (CDN) domains that end in
.azureedge.net. These domains are hosted by edg.io, which will soon cease operations due to bankruptcy. We are required to migrate to a new CDN and will be using new domains going forward. It is possible that.azureedge.netdomains will have downtime or become permanently unavailable.You may need to adapt to these changes.
We expect
azureedge.netdomains to cease being functional in the first half of 2025. Moving your usage to the new CDN is the best path to avoiding service disruption.Test links for new CDN:
Test links for old CDN:
Our plan is a work-in-progress and is expected to evolve. We recommend that affected users make changes by the end of January.
Affected resources
Domains affected:
URLs affected:
Not affected:
There are many users of these resources, for example:
On December 23rd, we switched the two
azureedge.netdomains above to use Azure Traffic Manager. After that change, those domains continued to send 100% of traffic to our edg.io CDNs. We expect to drop edgio traffic to zero on December 27th by sending all traffic to a different CDN. These changes could break users with conservative firewall rules.Users should not consider
azureedge.netto be a long-term usable domain. Please move to the new domains as soon as possible. It is likely that these domains will be retired in the first half on 2025. No other party will be able to use them. We are not able to control the timing of these events.Install script
The .NET install script is used to install .NET from our CDN. We are changing CDNs (documented in a following section), which requires us to change the install script to use the new CDN.
Updated scripts:
The updated scripts prefer the new CDNs, while enabling fallback to the legacy
azureedge.netdomains. The legacy domains will be removed at a later point.Tracking PRs:
Notes (for the install script):
-NoCdnor--no-cdnargument can be used to bypass using the CDN, which may help some users.-AzureFeedor--azure-feedargument can be used to specify an alternate storage account or CDN.Plan for domains
There are multiple domains, used for different purposes.
Official builds
Official builds and JSON files are hosted via a CDN, available for use by the install script and other installers.
Note: Official builds are tested and signed by Microsoft. A
microsoft.comdomain was chosen to reflect that.You can change from old to new domains by changing the domain section of the URL. The other parts of the URL do not need to change.
Example URLs:
A set of short links are available for official builds.
Link pattern:
https://aka.ms/dotnet/[x.y]/[package].Example URLs:
These links produce
301HTTP results that forward to our CDN.We expect these links to be changed in early January.
Tracking PR:
CI builds
Continuous integration (CI) builds are hosted via a CDN, available via the install script and GitHub README files.
Note: CI builds include a mix of tested and untested builds, signed and unsigned builds.
Example URLs:
A set of short links are available for CI builds.
Link pattern:
https://aka.ms/dotnet/[x.y]/daily/[package].Example URLs:
These links produce
301HTTP results that forward to our CDN.We expect these links to be changed in early January.
Tracking PR:
CI build pages use the CI short links.
Example build pages:
Azure DevOps and GitHub Actions
UseDotnetTaskwill be updated in JanuaryOther changes
The following resources are also affected.
The text was updated successfully, but these errors were encountered: