1 article
A critical security regression in Microsoft.AspNetCore.DataProtection (CVSS 9.1) introduced in .NET 10.0.0 causes encryption keys to leak on Linux deployments. Applications using cookie authentication, anti-forgery tokens, or TempData are at immediate risk. Update to .NET 10.0.7 now.