Povratne informacije Uredi

Runtime Changes for Migration from .NET Framework 4.7 to 4.7.2

  • Članak
  • 9 min. za čitanje

If you are migrating from the .NET Framework 4.7 to 4.7.2, review the following topics for application compatibility issues that may affect your app:

Core

Allow Unicode in URIs that resemble UNC shares

Details

In System.Uri, constructing a file URI containing both a UNC share name and Unicode characters will no longer result in a URI with invalid internal state. The behavior will change only when all of the following are true:

  • The URI has the scheme file: and is followed by four or more slashes.
  • The host name begins with an underscore or other non-reserved symbol.
  • The URI contains Unicode characters.

Suggestion

Applications working with URIs consistently containing Unicode could have conceivably used this behavior to disallow references to UNC shares. Those applications should use IsUnc instead.

Name Value
Scope Edge
Version 4.7.2
Type Runtime

Affected APIs

Support special relative URI notation when Unicode is present

Details

Uri will no longer throw a NullReferenceException when calling TryCreate on certain relative URIs containing Unicode. The simplest reproduction of the NullReferenceException is below, with the two statements being equivalent:

bool success = Uri.TryCreate("http:%C3%A8", UriKind.RelativeOrAbsolute, out Uri href);
bool success = Uri.TryCreate("http:è", UriKind.RelativeOrAbsolute, out Uri href);

To reproduce the NullReferenceException, the following items must be true:

  • The URI must be specified as relative by prepending it with 'http:' and not following it with '//'.
  • The URI must contain percent-encoded Unicode or unreserved symbols.

Suggestion

Users depending on this behavior to disallow relative URIs should instead specify UriKind.Absolute when creating a URI.

Name Value
Scope Edge
Version 4.7.2
Type Runtime

Affected APIs

JIT

Incorrect code generation when passing and comparing UInt16 values

Details

Because of changes introduced in the .NET Framework 4.7, in some cases the code generated by the JIT compiler in applications running on the .NET Framework 4.7 incorrectly compares two T:System.UInt16 values. For more information, see Issue #11508: Silent bad codegen when passing and comparing ushort args on GitHub.com.

Suggestion

If you encounter issues in the comparison of 16-bit unsigned values in the .NET Framework 4.7, upgrade to the .NET Framework 4.7.1.

Name Value
Scope Edge
Version 4.7
Type Runtime

Affected APIs

Not detectable via API analysis.

Runtime

Improved WCF chain trust certificate validation for Net.Tcp certificate authentication

Details

.NET Framework 4.7.2 improves chain trust certificate validation when using certificate authentication with transport security with WCF. With this improvement, client certificates that are used to authenticate to a server must be configured for client authentication. Similarly server certificates that are for the authenticating a server must be configured for server authentication. With this change, if the root certificate is disabled, the certificate chain validation fails. The same change was also made to .NET Framework 3.5 and later versions via Windows security roll-up. You can find more information here.This change is on by default and can be turned off by a configuration setting.

Suggestion

  • Validate if your server and client certification has the required EKU OID. If not, update your certification.

  • Validate if your root certificate is invalid. If so, update the root certificate.

  • If you can't update the certificate, you can work around the breaking change temporarily with the following configuration setting. However, opting out of the change will leave your system vulnerable to the security issue.

    <appSettings>
  <add key="wcf:useLegacyCertificateUsagePolicy" value="true" />
</appSettings>
Name Value
Scope Minor
Version 4.7.2
Type Runtime

Affected APIs

Not detectable via API analysis.

Security

RSACng and DSACng are once again usable in Partial Trust scenarios

Details

CngLightup (used in several higher-level crypto apis, such as System.Security.Cryptography.Xml.EncryptedXml) and System.Security.Cryptography.RSACng in some cases rely on full trust. These include P/Invokes without asserting SecurityPermissionFlag.UnmanagedCode permissions, and code paths where System.Security.Cryptography.CngKey has permission demands for SecurityPermissionFlag.UnmanagedCode. Starting with the .NET Framework 4.6.2, CngLightup was used to switch to System.Security.Cryptography.RSACng wherever possible. As a result, partial trust apps that successfully used System.Security.Cryptography.Xml.EncryptedXml began to fail and throw SecurityException exceptions.This change adds the required asserts so that all functions using CngLightup have the required permissions.

Suggestion

If this change in the .NET Framework 4.6.2 has negatively impacted your partial trust apps, upgrade to the .NET Framework 4.7.1.

Name Value
Scope Edge
Version 4.6.2
Type Runtime

Affected APIs

Web Applications

"dataAnnotations:dataTypeAttribute:disableRegEx" app setting is on by default in .NET Framework 4.7.2

Details

In .NET Framework 4.6.1, an app setting (&quot;dataAnnotations:dataTypeAttribute:disableRegEx&quot;) was introduced that allows users to disable the use of regular expressions in data type attributes (such as System.ComponentModel.DataAnnotations.EmailAddressAttribute, System.ComponentModel.DataAnnotations.UrlAttribute, and System.ComponentModel.DataAnnotations.PhoneAttribute). This helps to reduce security vulnerability such as avoiding the possibility of a Denial of Service attack using specific regular expressions.
In .NET Framework 4.6.1, this app setting to disable RegEx usage was set to false by default. Starting with .NET Framework 4.7.2, this config switch is set to true by default to further reduce secure vulnerability for web applications that target .NET Framework 4.7.2 and above.

Suggestion

If you find that regular expressions in your web application do not work after upgrading to .NET Framework 4.7.2, you can update the value of the &quot;dataAnnotations:dataTypeAttribute:disableRegEx&quot; setting to false to revert to the previous behavior.

<configuration>
<appSettings>
...
<add key="dataAnnotations:dataTypeAttribute:disableRegEx" value="false"/>
...
</appSettings>
</configuration>

Name Value
Scope Minor
Version 4.7.2
Type Runtime

Affected APIs

Not detectable via API analysis.

Windows Communication Foundation (WCF)

WCF AddressHeaderCollection now throws an ArgumentException if an addressHeader element is null

Details

Starting with the .NET Framework 4.7.1, the AddressHeaderCollection(IEnumerable<AddressHeader>) constructor throws an ArgumentException if one of the elements is null. In the .NET Framework 4.7 and earlier versions, no exception is thrown.

Suggestion

If you encounter compatibility issues with this change on the .NET Framework 4.7.1 or a later version, you can opt-out of it by adding the following line to the <runtime> section of the app.config file:

<configuration>
  <runtime>
    <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableAddressHeaderCollectionValidation=true" />
  </runtime>
</configuration>
Name Value
Scope Minor
Version 4.7.1
Type Runtime

Affected APIs

WCF MsmqSecureHashAlgorithm default value is now SHA256

Details

Starting with the .NET Framework 4.7.1, the default message signing algorithm in WCF for Msmq messages is SHA256. In the .NET Framework 4.7 and earlier versions, the default message signing algorithm is SHA1.

Suggestion

If you run into compatibility issues with this change on the .NET Framework 4.7.1 or later, you can opt-out the change by adding the following line to the <runtime> section of your app.config file:

<configuration>
  <runtime>
    <AppContextSwitchOverrides value="Switch.System.ServiceModel.UseSha1InMsmqEncryptionAlgorithm=true" />
  </runtime>
</configuration>
Name Value
Scope Minor
Version 4.7.1
Type Runtime

Affected APIs

Not detectable via API analysis.

WCF PipeConnection.GetHashAlgorithm now uses SHA256

Details

Starting with the .NET Framework 4.7.1, Windows Communication Foundation uses a SHA256 hash to generate random names for named pipes. In the .NET Framework 4.7 and earlier versions, it used a SHA1 hash.

Suggestion

If you run into compatibility issue with this change on the .NET Framework 4.7.1 or later, you can opt-out it by adding the following line to the <runtime> section of your app.config file:

<configuration>
  <runtime>
    <AppContextSwitchOverrides value="Switch.System.ServiceModel.UseSha1InPipeConnectionGetHashAlgorithm=true" />
  </runtime>
</configuration>
Name Value
Scope Minor
Version 4.7.1
Type Runtime

Affected APIs

Not detectable via API analysis.

Windows Presentation Foundation (WPF)

Chained Popups with StaysOpen=False

Details

A Popup with StaysOpen=False is supposed to close when you click outside the Popup. When two or more such Popups are chained (i.e. one contains another), there were many problems, including:

  • Open two levels, click outside P2 but inside P1. Nothing happens.
  • Open two levels, click outside P1. Both popups close.
  • Open and close two levels. Then try to open P2 again. Nothing happens.
  • Try to open three levels. You can't. (Either nothing happens or the first two levels close, depending on where you click.)

These cases (and other variants) now work as expected.

Name Value
Scope Edge
Version 4.7.1
Type Runtime

Affected APIs

Crash in Selector when removing an item from a custom INCC collection

Details

An T:System.InvalidOperationException can occur in the following scenario:

  • The ItemsSource for a T:System.Windows.Controls.Primitives.Selector is a collection with a custom implementation of T:System.Collections.Specialized.INotifyCollectionChanged.
  • The selected item is removed from the collection.
  • The T:System.Collections.Specialized.NotifyCollectionChangedEventArgs has P:System.Collections.Specialized.NotifyCollectionChangedEventArgs.OldStartingIndex = -1 (indicating an unknown position).

The exception's call stack begins at System.Windows.Threading.Dispatcher.VerifyAccess() at System.Windows.DependencyObject.GetValue(DependencyProperty dp) at System.Windows.Controls.Primitives.Selector.GetIsSelected(DependencyObject element). This exception can occur in .NET Framework 4.5 if the application has more than one Dispatcher thread. In .NET Framework 4.7 the exception can also occur in applications with a single Dispatcher thread.

The issue is fixed in .NET Framework 4.7.1.

Suggestion

Upgrade to .NET Framework 4.7.1.

Name Value
Scope Minor
Version 4.7
Type Runtime

Affected APIs

Not detectable via API analysis.

Keytips behavior improved in WPF

Details

Keytips behavior has been modified to bring parity with behavior on Microsoft Word and Windows Explorer. By checking whether keytip state is enabled or not in the case of a SystemKey (in particular, Key or F11) being pressed, WPF handles keytip keys appropriately. Keytips now dismiss a menu even when it is opened by mouse.

Suggestion

N/A

Name Value
Scope Edge
Version 4.7.2
Type Runtime

Affected APIs

Not detectable via API analysis.

Resizing a Grid can cause the application to become unresponsive

Details

An infinite loop can occur during layout of a T:System.Windows.Controls.Grid under the following circumstances:

  • Row definitions contain two *-rows, both declaring a MinHeight and a MaxHeight.
  • Content of the *-rows doesn't exceed the corresponding MaxHeight.
  • The Grid's available height is exceeded by the first MinHeight (plus any other fixed or Auto rows).
  • The app targets .NET Framework 4.7, or opts in to the 4.7 allocation algorithm by setting Switch.System.Windows.Controls.Grid.StarDefinitionsCanExceedAvailableSpace=false.

The loop would also happen with more than two rows, or in the analogous case for columns. The issue is fixed in .NET Framework 4.7.1.

Suggestion

Upgrade to .NET Framework 4.7.1. Alternatively, if you don't need the 4.7 allocation algorithm you can use the following configuration setting:

<runtime>
  <AppContextSwitchOverrides value="Switch.System.Windows.Controls.Grid.StarDefinitionsCanExceedAvailableSpace=true" />
</runtime>
Name Value
Scope Edge
Version 4.7
Type Runtime

Affected APIs

Not detectable via API analysis.