5/12/2020

Visual Studio 2017 版本 15.9 发行说明Visual Studio 2017 version 15.9 Release Notes

| 开发者社区 | 系统要求 | 兼容性 | 可分发代码 | 许可条款 | 博客 | 已知问题 || Developer Community | System Requirements | Compatibility | Distributable Code | License Terms | Blogs | Known Issues |

若要下载 Visual Studio 2017，请单击“下载”按钮，并在出现提示时使用 Visual Studio 订阅登录。To download Visual Studio 2017, click the download button and log in with your Visual Studio Subscription when prompted. 如果你没有 Visual Studio 订阅，可以单击登录页上的“创建新的 Microsoft 帐户”免费创建一个订阅。If you don’t have a Visual Studio Subscription, you can create one for free by clicking on “Create a new Microsoft account” on the login page. 建议使用 Visual Studio 2019 获取最新功能和 bug 修复。We recommend using Visual Studio 2019 to get the latest features and bug fixes.

下载 Visual Studio 2017Download Visual Studio 2017

请访问旧版本页面，下载其他 Visual Studio 2017 产品。Visit the older version page to download other Visual Studio 2017 products.

15.9 中的新增功能What's New in 15.9

Visual Studio 2017 版本 15.9 发布Visual Studio 2017 version 15.9 Releases

2020 年 5 月 12 日 -- Visual Studio 2017 版本 15.9.23 服务更新May 12, 2020 -- Visual Studio 2017 version 15.9.23 Servicing Update
2020 年 4 月 14 日 - Visual Studio 2017 版本 15.9.22 服务更新April 14, 2020 -- Visual Studio 2017 version 15.9.22 Servicing Update
2020 年 3 月 10 日 - Visual Studio 2017 版本 15.9.21 服务更新March 10, 2020 -- Visual Studio 2017 version 15.9.21 Servicing Update
2020 年 2 月 11 日 - Visual Studio 2017 版本 15.9.20 服务更新February 11, 2020 -- Visual Studio 2017 version 15.9.20 Servicing Update
2020 年 1 月 14 日 - Visual Studio 2017 版本 15.9.19 服务更新January 14, 2020 -- Visual Studio 2017 version 15.9.19 Servicing Update
2019 年 12 月 10 日 -- Visual Studio 2017 版本 15.9.18 服务更新December 10, 2019 -- Visual Studio 2017 version 15.9.18 Servicing Update
2019 年 10 月 15 日 - Visual Studio 2017 版本 15.9.17 服务更新October 15, 2019 -- Visual Studio 2017 version 15.9.17 Servicing Update
2019 年 9 月 10 日 - Visual Studio 2017 版本 15.9.16 服务更新September 10, 2019 -- Visual Studio 2017 version 15.9.16 Servicing Update
2019 年 8 月 13 日 - Visual Studio 2017 版本 15.9.15 服务更新August 13, 2019 -- Visual Studio 2017 version 15.9.15 Servicing Update
2019 年 7 月 9 日 - Visual Studio 2017 版本 15.9.14 服务更新July 9, 2019 -- Visual Studio 2017 version 15.9.14 Servicing Update
2019 年 6 月 11 日 -- Visual Studio 2017 版本 15.9.13 服务更新June 11, 2019 -- Visual Studio 2017 version 15.9.13 Servicing Update
2019 年 5 月 14 日 -- Visual Studio 2017 版本 15.9.12 服务更新May 14, 2019 -- Visual Studio 2017 version 15.9.12 Servicing Update
2019 年 4 月 2 日 -- Visual Studio 2017 版本 15.9.11 服务更新April 02, 2019 -- Visual Studio 2017 version 15.9.11 Servicing Update
2019 年 3 月 25 日 -- Visual Studio 2017 版本 15.9.10 服务更新March 25, 2019 -- Visual Studio 2017 version 15.9.10 Servicing Update
2019 年 3 月 12 日 -- Visual Studio 2017 版本 15.9.9 服务更新March 12, 2019 -- Visual Studio 2017 version 15.9.9 Servicing Update
2019 年 3 月 5 日 -- Visual Studio 2017 版本 15.9.8 服务更新March 05, 2019 -- Visual Studio 2017 version 15.9.8 Servicing Update
2019 年 2 月 12 日 - Visual Studio 2017 版本 15.9.7 服务更新February 12, 2019 -- Visual Studio 2017 version 15.9.7 Servicing Update
2019 年 1 月 24 日 - Visual Studio 2017 版本 15.9.6 服务更新January 24, 2019 -- Visual Studio 2017 version 15.9.6 Servicing Update
2019 年 1 月 8 日 - Visual Studio 2017 版本 15.9.5 服务更新January 08, 2019 -- Visual Studio 2017 version 15.9.5 Servicing Update
2018 年 12 月 11 日 -- Visual Studio 2017 版本 15.9.4 服务更新December 11, 2018 -- Visual Studio 2017 version 15.9.4 Servicing Update
2018 年 11 月 28 日 - Visual Studio 2017 版本 15.9.3 服务更新November 28, 2018 -- Visual Studio 2017 version 15.9.3 Servicing Update
2018 年 11 月 19 日 - Visual Studio 2017 版本 15.9.2 服务更新November 19, 2018 -- Visual Studio 2017 version 15.9.2 Servicing Update
2018 年 11 月 15 日 -- Visual Studio 2017 版本 15.9.1 服务更新November 15, 2018 -- Visual Studio 2017 version 15.9.1 Servicing Update
2018 年 11 月 13 日 - Visual Studio 2017 版本 15.9 次要版November 13, 2018 -- Visual Studio 2017 version 15.9 Minor Release

重要

Visual Studio 2017 版本 15.9 安全公告通知Visual Studio 2017 version 15.9 Security Advisory Notices

2020 年 5 月 12 日 - Visual Studio 2017 版本 15.9.23 更新May 12, 2020 -- Visual Studio 2017 version 15.9.23 Update
2020 年 4 月 14 日 - Visual Studio 2017 版本 15.9.22 更新April 14, 2020 -- Visual Studio 2017 version 15.9.22 Update
2020 年 3 月 10 日 - Visual Studio 2017 版本 15.9.21 服务更新March 10, 2020 -- Visual Studio 2017 version 15.9.21 Servicing Update
2020 年 1 月 14 日 - Visual Studio 2017 版本 15.9.19 服务更新January 14, 2020 -- Visual Studio 2017 version 15.9.19 Servicing Update
2019 年 12 月 10 日 -- Visual Studio 2017 版本 15.9.18 服务更新December 10, 2019 -- Visual Studio 2017 version 15.9.18 Servicing Update
2019 年 10 月 15 日 - Visual Studio 2017 版本 15.9.17 服务更新October 15, 2019 -- Visual Studio 2017 version 15.9.17 Servicing Update
2019 年 9 月 10 日 - Visual Studio 2017 版本 15.9.16 服务更新September 10, 2019 -- Visual Studio 2017 version 15.9.16 Servicing Update
2019 年 8 月 13 日 - Visual Studio 2017 版本 15.9.15 服务更新August 13, 2019 -- Visual Studio 2017 version 15.9.15 Servicing Update
2019 年 7 月 9 日 - Visual Studio 2017 版本 15.9.14 服务更新July 9, 2019 -- Visual Studio 2017 version 15.9.14 Servicing Update
2019 年 5 月 10 日 -- Visual Studio 2017 版本 15.9.12 服务更新May 10, 2019 -- Visual Studio 2017 version 15.9.12 Servicing Update
2019 年 3 月 12 日 -- Visual Studio 2017 版本 15.9.9 服务更新March 12, 2019 -- Visual Studio 2017 version 15.9.9 Servicing Update
2019 年 2 月 12 日 - Visual Studio 2017 版本 15.9.7 服务更新February 12, 2019 -- Visual Studio 2017 version 15.9.7 Servicing Update
2019 年 1 月 8 日 - Visual Studio 2017 版本 15.9.5 服务更新January 08, 2019 -- Visual Studio 2017 version 15.9.5 Servicing Update
2018 年 12 月 11 日 -- Visual Studio 2017 版本 15.9.4 服务更新December 11, 2018 -- Visual Studio 2017 version 15.9.4 Servicing Update

Visual Studio 2017 版本 15.9.23Visual Studio 2017 version 15.9.23

发布日期：2020 年 5 月 12 日released on May 12, 2020

15.9.23 版中修复的问题Issues Fixed in 15.9.23

修复了 C++ 编译器 bug，现可正确折叠内联变量动态初始值设定项。Fixed C++ compiler bug for proper folding of inline variable dynamic initializers. 从 VS 2019 16.0 版本移植。Ported from the VS 2019 16.0 release.
vctip.exe 中的安全性改进。Security improvements in vctip.exe.
一个更改，让企业 IT 管理员和部署工程师可以配置 Microsoft 更新客户端和 SCCM 等工具，以确定 Microsoft 更新目录和 WSUS 上托管的 VS2017 更新的适用性。A change to enable Enterprise IT administrators and deployment engineers to configure tools like Microsoft Update client & SCCM to determine applicability of VS2017 updates hosted on Microsoft Update Catalog & WSUS.

安全公告通知Security Advisory Notices

.NET Core 拒绝服务漏洞.NET Core Denial of Service Vulnerability

Visual Studio 2017 版本 15.9.22Visual Studio 2017 version 15.9.22

发布时间：2020 年 4 月 14 日 released on April 14, 2020

15.9.22 版中修复的问题Issues Fixed in 15.9.22

VS2017 C++ 有时会设置错误的异常框架。VS2017 C++ sometimes set wrong exception frame.

安全公告通知Security Advisory Notices

Microsoft Visual Studio 特权提升漏洞Microsoft Visual Studio Elevation of Privilege Vulnerability
Visual Studio Extension Installer 服务特权提升漏洞Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
由于对 URL 的验证不足而导致的 Git for Visual Studio 凭据泄露漏洞Git for Visual Studio Credential Leak Vulnerability due to insufficient validation on URLs

Visual Studio 2017 版本 15.9.21Visual Studio 2017 version 15.9.21

发布时间：2020 年 3 月 10 日 released on March 10, 2020

15.9.21 版中修复的问题Issues Fixed in 15.9.21

修复了使用脱机安装程序时无法在 Visual Studio 2017 的非企业版上安装 .NET 分析工具的 bug。Fixed a bug where the .NET Profiling tools couldn't be installed on non-enterprise versions of Visual Studio 2017 when using an offline installer.
修复了 C++ 编译器的一个 bug，其中 decltype 中的 static_cast 无法正确求值。Fixed C++ compiler bug where a static_cast in a decltype would evaluate incorrectly. 为了最大程度地减少对现有代码库的干扰，在 VS2017 中，当引发（新添加的）/d1decltypeIdentityConversion 开关时，此修复将生效。To minimize disruptions to existing codebases, in VS2017 this fix takes effect when the (newly added) /d1decltypeIdentityConversion switch is thrown.
C++ 编译器中的新 Spectre 缓解选项：/Qspectre-load & /Qspectre-load-cf 用于强化推理负载。New Spectre mitigation options in C++ compiler: /Qspectre-load & /Qspectre-load-cf for speculative load hardening.

安全公告通知Security Advisory Notices

诊断中心标准收集器服务特权提升漏洞Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

如果启用了多重身份验证，则在创建 Outlook Web 加载项时将存在欺骗漏洞A spoofing vulnerability exists when creating an Outlook Web-Addin if multi-factor authentication is enabled

Visual Studio 2017 版本 15.9.20Visual Studio 2017 version 15.9.20

发布日期：2020 年 2 月 11 日 released on February 11, 2020

15.9.20 版中修复的问题Issues Fixed in 15.9.20

SQL Server 测试配置错误SQL server test configuration error
修复了导致客户对表数据排序时服务崩溃的 SQL Server 对象资源管理器问题。Fixed SQL server object explorer causing a crash when customers sort data of a table.

Visual Studio 2017 版本 15.9.19Visual Studio 2017 version 15.9.19

发布日期：2020 年 1 月 14 日 released on January 14, 2020

15.9.19 版中修复的问题Issues Fixed in 15.9.19

解决了C++ 优化器中的一个问题：写入到调用中的未知内存对调用方的影响不正确。Fixed an issue in C++ optimizer where the impact of writing to unknown memory inside a call wasn’t properly accounted for in the caller.

安全公告通知Security Advisory Notices

ASP.NET Core 拒绝服务漏洞ASP.NET Core Denial of Service Vulnerability
ASP.NET Core 远程代码执行漏洞ASP.NET Core Remote Code Execution Vulnerability

Visual Studio 2017 版本 15.9.18Visual Studio 2017 version 15.9.18

发布时间：2019 年 12 月 10 日released on December 10, 2019

15.9.18 版中修复的问题Issues Fixed in 15.9.18

可以缓解 Visual Studio 中与每个监视器感知相关的故障May allow mitigation of a Per-Monitor awareness related crash in Visual Studio

安全公告通知Security Advisory Notices

由于对子模块名称的限制过于宽松导致 Visual Studio 远程执行漏洞的 GitGit for Visual Studio Remote Excecution Vulnerability due to too lax restrictions on submodule names
由于命令行参数的错误引用导致 Visual Studio 远程执行漏洞的 GitGit for Visual Studio Remote Excecution Vulnerability due to incorrect quoting of command-line arguments
由于在克隆期间使用了非字母驱动器名称导致 Visual Studio 任意文件覆盖漏洞的 GitGit for Visual Studio Arbitrary File Overwrite Vulnerability due to usage of non-letter drive names during clone
由于未感知 NTFS 备用数据流导致 Visual Studio 远程执行漏洞的 GitGit for Visual Studio Remote Excecution Vulnerability due to unawareness of NTFS Alternate Data Streams
由于未拒绝写入包含反斜杠的跟踪文件导致的 Visual Studio 任意文件覆盖漏洞的 GitGit for Visual Studio Arbitrary File Overwrite Vulnerability due to not refusing to write out tracked files containing backslashes
由于对递归克隆中的子模块名称的验证过于宽松导致的 Visual Studio 远程执行漏洞的 GitGit for Visual Studio Remote Execution Vulnerability due to too lax validation of submodule names in recursive clones

Visual Studio 2017 版本 15.9.17Visual Studio 2017 version 15.9.17

发布日期：2019 年 10 月 15 日 released on October 15, 2019

安全公告通知Security Advisory Notices

NPM 包特权提升漏洞NPM Package Elevation of Privilege Vulnerability

Visual Studio 2017 版本 15.9.16Visual Studio 2017 version 15.9.16

发布时间：2018 年 9 月 10 日 released on September 10, 2019

15.9.16 版中修复的问题Issues Fixed in 15.9.16

以下问题已在 15.9.16 版中得到解决：These are the issues addressed in 15.9.16:

程序集与函数的代码不匹配Assembly does not match code for function
System.InvalidProgramException：公共语言运行在检测 x64 项目时检测到无效程序。System.InvalidProgramException: Common Language Runtime detected an invalid program. when instrumenting x64 projects
noexcept 代码的跨 EH 模式内联导致意外行为Cross-EH mode inlining of noexcept code produces unexpected behavior
更正了 HTML Help Workshop 不能修复的问题。Corrected issue with HTML Help Workshop failing to repair.

安全公告通知Security Advisory Notices

诊断中心标准收集器服务特权提升漏洞Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
.NET Core 中的拒绝服务漏洞Denial of Service Vulnerability in .NET Core

发布日期：2019 年 8 月 13 日 released on August 13, 2019

15.9.15 版中修复的问题Issues Fixed in 15.9.15

以下问题已在 15.9.15 版中得到解决：These are the issues addressed in 15.9.15:

更新了 VC 可再发行包的签名，可以在 Windows XP 上持续部署。Updated signing of VC Redist packages to enable continued deployment on Windows XP. 此修补程序要求重启计算器来安装 VC++ Redistributable 包更新版的可能性更高。This fix may have an increased chance of requiring a reboot of the machine in order to install an updated VC++ Redistributable package.
修复了 GoToDefinition 不可用于 cshtml 文件的脚本块中的 JavaScript 的问题。Fixed in issue where GoToDefinition does not work for JavaScript in script blocks of cshtml files.
若调用 pmr monotonic_buffer_resource 发布，就会损坏内存。Calling pmr monotonic_buffer_resource release will corrupt memory.
修复某些 C++ 项目中升级到 15.9.13 版本时的 HRESULT E_FAIL 生成错误Fix for HRESULT E_FAIL build error in some C++ projects when upgrading to 15.9.13

安全公告通知Security Advisory Notices

Git for Visual Studio 特权提升漏洞Git for Visual Studio Elevation of Privilege Vulnerability

Visual Studio 2017 版本 15.9.14Visual Studio 2017 version 15.9.14

发布日期：2019 年 7 月 9 日 released on July 9, 2019

15.9.14 版中修复的问题Issues Fixed in 15.9.14

以下问题已在 15.9.14 版中得到解决：These are the issues addressed in 15.9.14:

修复了切换分支时导致 Visual Studio 2017 发生故障的 bug。Fixed a bug causing Visual Studio 2017 crashes when switching branches.
修复了代码分析过程中导致内部编译器错误 (fbtctree.cpp', line 5540) 的 bug。Fixed a bug causing internal compiler error (fbtctree.cpp', line 5540) during code analysis.
修复了 Ryzen 处理器的 memcpy/memset 中的性能回归。Fixed a performance regression in memcpy/memset for Ryzen processors.
更新了 Service Fabric 工具，以支持 6.5 版的 Service Fabric。Updated Service Fabric tooling to support the 6.5 Service Fabric release.
启用了屏幕阅读器，以在 .NET 4.8 上正常发布 TeamExplorer 的通知。Enabled screen reader to announce TeamExplorer's notifications properly on .NET 4.8.
VS2017 15.8 内部编译器错误 ('msc1.cpp', line 1518)：预处理器和 #import 之间的冲突。VS2017 15.8 Internal compiler error ('msc1.cpp', line 1518): Conflict between preprocessor and #import.
PREfast 19.16.27023.1 (15.9 RTW) 中的 ICE。ICE in PREfast 19.16.27023.1 (15.9 RTW).

安全公告通知Security Advisory Notices

Visual Studio 扩展自动更新漏洞Visual Studio Extension Auto Update Vulnerability
Visual Studio WorkFlowMarkUpDeserializerRCE 漏洞Visual Studio WorkFlowMarkUpDeserializerRCE Vulernability
ASP.NET Core 欺骗漏洞ASP.NET Core Spoofing Vulnerability

Visual Studio 2017 版本 15.9.13Visual Studio 2017 version 15.9.13

发布日期：2019 年 6 月 11 日 released on June 11, 2019

15.9.13 版中修复的问题Issues Fixed in 15.9.13

15.9.13 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.13:

修复了导致代码分析在某些 C++ 项目上停止运行的 bug。Fixed a bug that caused Code Analysis to stop running on some C++ projects.
在架构比较工具中修复了 bug，其中向空架构添加表失败，但显示已成功。Fixed a bug in the Schema Compare Tool where adding tables with an empty schema failed but was shown as successful.
修复了所选的语言版本低于最新安装的版本时出现的 TypeScript 生成问题。Fixed a TypeScript build issue when the selected language version is lower than the latest installed.
修复了数据未解析的对象引用错误。Fixed a Database unresolved reference to object error.
改进了加载 Visual Studio 时的性能问题。Improved performance issues on loading Visual Studio.
已修复的已知问题：调试期间未在诊断工具窗口的“内存使用”工具中为 C++ 本机代码创建快照。Fixed known issue: No snapshot created for C++ native code in Memory Usage tool in the Diagnostic Tools window while debugging..
已修复的已知问题： SSDT 添加了硬编码的 mmsdb 和/或 master.dacpac 路径Fixed known issue: SSDT adds hardcoded mmsdb and/or master.dacpac path
已修复的已知问题： SSDT 添加了对系统数据库的引用：“ArtifactReference”和“HintPath”交换导致在使用 MSBuild 时生成失败Fixed known issue: SSDT Add reference to System Database: "ArtifactReference" and "HintPath" swapped causing build failure when using MSBuild

Visual Studio 2017 版本 15.9.12Visual Studio 2017 version 15.9.12

发布日期：2019 年 5 月 14 日 released on May 14, 2019

15.9.12 版中修复的问题Issues Fixed in 15.9.12

15.9.12 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.12:

Access violation C++ /CLI 15.9.5 ISO C++ Latest Draft Standard since 15.9.5（遵循 C++ /CLI 15.9.5 ISO C++ 最新草案标准（从 15.9.5 版本开始）时出现访问冲突）。Access violation C++ /CLI 15.9.5 ISO C++ Latest Draft Standard since 15.9.5.
加载此属性页时出错 (CSS & JSON)。An error occurred loading this property page (CSS & JSON).
Visual Studio 2017 编辑 package.json 时出现故障。Visual Studio 2017 crashing when editing package.json.
打开 package.json 时锁定 Visual Studio。Opening package.json locks up Visual Studio.
PGO Code Gen Bug - Vectorized instruction accessing memory OOB（PGO Code Gen Bug - 访问内存 OOB 的矢量化指令）。PGO Code Gen Bug - Vectorized instruction accessing memory OOB.
递归桶拆分例程中生成错误代码。Bad code gen in recursive bucket split routine.
15.8.9 版中的编译器优化 bug。Compiler optimization bug in 15.8.9.
已修复了在分布式生成系统（如 IncrediBuild）中使用 PCH、/Zi 和 /GL 时发生的链接器错误 LNK4020。Fixed a linker error LNK4020 when using PCH, /Zi, and /GL in distributed build systems, such as IncrediBuild. C++ 编译器后端现在在生成跨模块内联的调试信息时，可以将 CIL OBJ 与其相应的编辑器生成的 PDB 正确关联。The C++ compiler backend now correctly associates CIL OBJs with their corresponding compiler generated PDB when generating debug info for cross-module inlining.

安全公告通知Security Advisory Notices

诊断中心标准收集器漏洞Diagnostics Hub Standard Collector Vulnerability

Visual Studio 2017 版本 15.9.11Visual Studio 2017 version 15.9.11

发布时间：2019 年 4 月 2 日 released on April 02, 2019

15.9.11 版中修复的问题Issues Fixed in 15.9.11

15.9.11 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.11:

Access violation C++ /CLI 15.9.5 ISO C++ Latest Draft Standard since 15.9.5（遵循 C++ /CLI 15.9.5 ISO C++ 最新草案标准（从 15.9.5 版本开始）时出现访问冲突）。Access violation C++ /CLI 15.9.5 ISO C++ Latest Draft Standard since 15.9.5.
PGO Code Gen Bug - Vectorized instruction accessing memory OOB（PGO Code Gen Bug - 访问内存 OOB 的矢量化指令）。PGO Code Gen Bug - Vectorized instruction accessing memory OOB.
编辑 package.json 时 Visual Studio 完全冻结。Visual Studio completely freezes when editing package.json.
加载此属性页时出错 (CSS & JSON)。An error occurred loading this property page (CSS & JSON).
现在，单击 Azure 活动日志中的 Web 应用 URL 即可成功发布云服务项目。Clicking on a web app URL in the Azure activity log now successfully publishes a Cloud Service Project.
即使未登录包含功能应用的帐户，现也可以发布到 Function App。You can now publish to a Function app even if you are not logged into the account that contains the function app.
我们在 HTML 编辑器中修复了一个未经处理的异常。We have fixed an unhandled exception in the HTML editor.
我们更新了 scaffolding 包，以安装适用于 .NET Core 2.1 的 Microsoft.VisualStudio.Web.CodeGeneration.Design 包版本 2.1.9 和适用于 .NET Core 2.2 的版本 2.2.3。We have updated the scaffolding package to install Microsoft.VisualStudio.Web.CodeGeneration.Design package version 2.1.9 for .NET Core 2.1 and version 2.2.3 for .NET Core 2.2.
我们已实现了 C++ 编译器修复程序，以在发布模式下使用 setjmp/longjmp 更正对代码的异常处理支持。We have implemented a C++ compiler fix to correct exception handling support for code using setjmp/longjmp in Release mode.
我们已实现了关于 PDB 中信息的 C++ 链接器修复程序，其中，当指定选项 /PDBSTRIPPED 时，如果 PDBCopy.exe 或 link.exe 生成提取 PDB 文件，错误的模块信息可能导致堆损坏。We have implemented a C++ linker fix regarding information in PDB where the incorrect module info could result in heap corruption when producing a stripped PDB file either by PDBCopy.exe or by link.exe when option /PDBSTRIPPED is specified.
更正了 ARM64 Visual C++ 可再发行组件安装程序的双签名问题。We have corrected dual signing of the ARM64 Visual C++ Redistributable installer.

Visual Studio 2017 版本 15.9.10Visual Studio 2017 version 15.9.10

发布时间：2019 年 3 月 25 日released on March 25, 2019

15.9.10 版中修复的问题Issues Fixed in 15.9.10

15.9.10 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.10:

已修复：在配置了 Web 代理的情况下使用 Docker 进行调试所遇到的问题。We have fixed an issue with debugging using Docker when a web proxy is configured.
现在使用 Docker 进行调试时，针对与驱动器共享配置相关的故障进行错误处理时，可获得更好的效果。In debugging using Docker, you will now experience improved error handling for failures related to drive sharing configuration (for example, expired credentials).

Visual Studio 2017 版本 15.9.9Visual Studio 2017 version 15.9.9

发布时间：2019 年 3 月 12 日 released on March 12, 2019

15.9.9 版中修复的问题Issues Fixed in 15.9.9

15.9.9 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.9:

已修复：在订阅所有者名称中包含撇号 (’) 的情况下，部署资源组项目会出错。We have fixed an issue with deploying resource group projects when a subscription owner's name contains an apostrophe.
SSDT：修复了SIS Foreach 循环容器中的崩溃问题。SSDT: We fixed a crash in the SSIS Foreach Loop container.
.NET 本机工具 2.2 (UWP 6.2.4) 中修复了影响 UWP 客户的一些 .NET 本机问题。 A few .NET native for UWP customer issues were fixed in .NET native tools 2.2 (UWP 6.2.4).
更正了 Visual C++ Redistributable 安装程序双签名的问题。We have corrected dual signing of Visual C++ Redistributable installers.

安全公告通知Security Advisory Notices

Visual Studio C++ Redistributable 安装程序在加载动态链接库 (DLL) 之前错误验证输入时，存在远程代码执行漏洞。A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files.
Unity 编辑器远程代码执行漏洞。Unity Editor Remote Code Execution Vulnerability.
.NET core NuGet 篡改漏洞。.NET Core NuGet Tampering Vulnerability.

Visual Studio 2017 版本 15.9.8Visual Studio 2017 version 15.9.8

发布时间：2019 年 3 月 5 日 released on March 05, 2019

15.9.8 版中修复的问题Issues Fixed in 15.9.8

15.9.8 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.8:

Visual Studio 2017 版本 15.9.7Visual Studio 2017 version 15.9.7

发布日期：2019 年 2 月 12 日 released on February 12, 2019

15.9.7 版中修复的问题Issues Fixed in 15.9.7

15.9.7 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.7:

展开变量时出现崩溃！.Crashes when expanding variables!.
/DEBUG:FASTLINK + C7 + PCH 故障调试程序./DEBUG:FASTLINK + C7 + PCH crashes debugger.
本机 C++ 应用程序崩溃，因为 VS 2017 15.9.2 中的堆栈已损坏。Native C++ application crashes because of stack corruption with VS 2017 15.9.2.
发布模式代码不正确。Incorrect Release Mode code.
Xamarin 未观察到 Web 请求任务异常。Xamarin Unobserved Task Exception WebRequest.
链接 /SOURCELINK 选项似乎不起作用。Link /SOURCELINK option seems to do nothing. 这可修复托管 c + + 调试的源链接。This fixes Source Link for Managed C++ Debugging.
修复了调试时 AVX/MPX/AVX512 寄存器损坏的问题。Fixed an issue with corruption of AVX/MPX/AVX512 registers while Debugging.
更新了用于 C++ UWP DesktopBridge 应用程序的 Microsoft.VCLibs.140.00.UWPDestkop 框架包，添加了对 ARM64 的支持。Update of Microsoft.VCLibs.140.00.UWPDestkop framework packages for C++ UWP DesktopBridge applications adding support for ARM64.
更正了 Microsoft.VCToolsVersion.default.props 中的 VCToolsRedistVersion 版本错误。Corrected incorrect version of VCToolsRedistVersion in Microsoft.VCToolsVersion.default.props.
更正了 VC Redist 安装程序的未签名嵌入式 dll。Corrected unsigned embedded dll for VC Redist installers.
SSDT/Web 工具：修复了在 Polish、Turkish 和 Czech 区域设置中未安装 SQL LocalDB 的问题。SSDT/Web Tools: We fixed an issue where SQL LocalDB was not installed on Polish, Turkish, and Czech locales.
SSDT：修复了影响 SQL Server Aalysis Services 的问题（单击 UI 时找不到方法的异常）。SSDT: We fixed an issue affecting SQL Server Analysis Services (Method not found exception when clicking on UI).
SSDT：修复了使用高对比度模式时导致目录在结果窗口中不可见的可访问性问题。SSDT: We fixed an accessibility issue which was causing the contents of a table not to be visible in the result window when using High-Contrast mode.

安全公告通知Security Advisory Notices

WorkflowDesigner XOML 反序列化允许代码执行。WorkflowDesigner XOML deserialization allows code execution.
.NET framework 和 Visual Studio 欺骗漏洞。.NET Framework and Visual Studio Spoofing Vulnerability.

Visual Studio 2017 版本 15.9.6Visual Studio 2017 version 15.9.6

发布日期：2019 年 1 月 24 日released on January 24, 2019

15.9.6 中修复的问题Issues Fixed in 15.9.6

15.9.6 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.6:

Visual Studio 2017 版本 15.9.5Visual Studio 2017 version 15.9.5

发布日期：2019 年 1 月 8 日 released on January 08, 2019

15.9.5 中修复的问题Issues Fixed in 15.9.5

15.9.5 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.5:

VSX1000：未向 MSBuild 提供足够信息，无法建立到远程服务器的连接。VSX1000: No enough information has been provided to MSBuild in order to establish a connection to a Remote Server.
Visual C++ 2017 Redistributable for ARM64 不可通过 visualstudio.com 使用。Visual C++ 2017 Redistributable for ARM64 is not available via visualstudio.com.
VC Runtime Redistributable Update for VS 15.9 将删除注册表项。VC Runtime Redistributable Update for VS 15.9 deletes Registry Key. 此修补程序要求重启计算器来安装 VC++ Redistributable 包更新版的可能性更高。This fix may have an increased chance of requiring a reboot of the machine in order to install an updated VC++ Redistributable package.
托管的 C++ 中的 codegen 错误，存在列表到列表分配。Incorrect codegen in managed c++ with List to List assignment.
在 Visual Studio 15.9.4 更新后无法连接到 Mac 版本主机。Can't connect to mac build host after Visual Studio 15.9.4 update.
具有 AndroidAarLibrary 项目的增量生成中缺少资源目录。Resource directories missed in incremental builds with AndroidAarLibrary items.
大量外部程序集引用 - JNI 错误（应用 bug）：本地引用表溢出（最大值=512）。Lots of external assembly references - JNI ERROR (app bug): local reference table overflow (max=512).
Unity 编辑器已更新至 2018.3。The Unity Editor has been updated to 2018.3. 有关详细信息，请访问链接 Unity 网站。For more information, please visit the Unity website.
SSDT：我们启用了 SQL 项目来生成在未索引视图上具有未聚集列存储索引的架构。SSDT: We enabled SQL projects to build schemas that have non-clustered columnstore indexes on an indexed views.
SSDT：修复了生成脚本时架构比较工具中存在的显著性能问题。SSDT: We fixed a significant performance issue in the schema compare tool when generating a script.
SSDT：修复了架构比较工具中强制与可重启脚本和发布操作进行比较的架构偏差检测逻辑。SSDT: We fixed the schema drift detection logic in the schema compare tool which forced a new comparison to reenable scripting and publishing actions.

安全公告通知Security Advisory Notices

当 C++ 编译器对特定 C++ 构造组合处理不当时，Visual Studio 中会出现远程代码执行漏洞。A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs.

Visual Studio 2017 版本 15.9.4Visual Studio 2017 version 15.9.4

发布时间：2018 年 12 月 11 日 released on December 11, 2018

15.9.4 中修复的问题Issues Fixed in 15.9.4

15.9.4 中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.4:

Visual Studio 15.9 在解决方案重新加载时重复加载已打开的文件。Visual Studio 15.9 duplicate loads open files on solution reload.
所有用户现在都可以通过团队资源管理器连接到本地 TFS 服务器。All users can now connect to on-premise TFS servers through Team Explorer.
在 GUI 生成期间（使用的是 Visual Studio 15.8.2），Visual Studio 15.8.3 不再为项目定义的项扩展 ItemDefinitionGroup 中的元数据。Visual Studio 15.8.3 no longer expands metadata in ItemDefinitionGroup for project-defined items during GUI builds (worked in Visual Studio 15.8.2).
Visual Studio 对同一个文件有多个选项卡。Visual Studio has multiple tabs for the same file.
System.ArgumentException：参数不正确。（HRESULT 异常：0x80070057 (E_INVALIDARG))。System.ArgumentException: The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG)).
找不到 LNK4099 PDB。LNK4099 PDB not found.
资产目录为空。Asset Catalog empty.
/analyze 无法使用 /ZW 进行 C++ 编码。/analyze fails for C++ code using /ZW.
C++ 编译器代码优化 bug。C++ compiler code optimization bug.
Xamarin.iOS 无法为图像视图选择图像资产。Xamarin.iOS can't select image asset for Image View.
引用包含资产目录中图像资产的共享项目的 iOS 项目无法在 Windows 上加载。iOS projects referencing a shared project containing image assets in an asset catalog fail to load on windows.
VS 15.8.6 中的 iOS 初始屏幕上没有填充图像。Image not populating on iOS splashscreen in VS 15.8.6.
VS2017 15.8 中联合/位域分配可能出现代码生成错误。Possible bad codegen on union/bitfield assignment in VS2017 15.8.
修复 C# UWP 应用商店 1201 提交问题。Fix C# UWP Store 1201 Submission Issue.
修复 C# UWP 包创建错误 APPX1101：有效负载中有两个或多个文件的目标路径都是“System.Runtime.CompilerServices.Unsafe.dll”。Fix C# UWP package creation error APPX1101: Payload contains two or more files with the same destination path 'System.Runtime.CompilerServices.Unsafe.dll'.
错误 MT2002：生成 Xamarin.iOS 项目时，无法从“System.Threading.Tasks.Extensions ...”解析“System.Runtime.CompilerServices.AsyncValueTaskMethodBuilder”引用。Error MT2002: Failed to resolve 'System.Runtime.CompilerServices.AsyncValueTaskMethodBuilder' reference from 'System.Threading.Tasks.Extensions...'" when building a Xamarin.iOS project.
使用 AndroidClientHandler 时，无法重定向到相对 URL。Redirecting to a relative url doesn't work when using AndroidClientHandler.
使用 C 编译器编译的未命名枚举的 typedef 的调试信息现已还原。Debug information for typedefs of unnamed enums compiled with the C compiler is now restored.
现在可以生成 delayimp.lib 的 Spectre 已缓解 x86 版本（已启用 /Qspectre 缓解）。The spectre-mitigated x86 version of delayimp.lib is now built with /Qspectre mitigations enabled.
为了缩短解决方案加载时间，更改了 Xamarin.iOS 项目中资产目录的加载方式。Changes were made to how Asset Catalogs in Xamarin.iOS projects are loaded in order to reduce solution load time.
已将 Xamarin.Forms 模板更新为使用最新版本。We have updated Xamarin.Forms templates to use the latest version.
我们修复了通过 Kestrel 调试的 ASP.NET Core Web 应用程序存在的问题，即显示错误消息“无法配置 HTTPS 终结点。We have fixed an issue with ASP.NET Core Web Applications being debugged through Kestrel that would show the error message "Unable to configure HTTPS endpoint. 未指定服务器证书...”。No server certificate was specified...".
现在，通过使用特定的应用设置，可以在 Visual Studio 应用服务中启用 AppInsights 站点扩展。Enabling the AppInsights site extension in App Service from Visual Studio now happens through the use of specific Application Settings.

安全公告通知Security Advisory Notices

如果诊断中心标准收集器服务不正确地处理特定文件操作，就会存在特权提升漏洞。An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles certain file operations.

Visual Studio 2017 版本 15.9.3Visual Studio 2017 version 15.9.3

发布日期：2018 年 11 月 28 日 released on November 28, 2018

15.9.3 中修复的问题Issues Fixed in 15.9.3

15.9.3 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.3:

Visual Studio 2017 版本 15.9.2Visual Studio 2017 version 15.9.2

发布日期：2018 年 11 月 19 日released on November 19, 2018

15.9.2 中修复的问题Issues Fixed in 15.9.2

15.9.2 版中解决了客户报告的下列问题：These are the customer-reported issues addressed in 15.9.2:

MFC EXE（二进制）的大小比 VS 15.8 大五倍 (_MSC_VER = 1915)。MFC EXE (binary) size is 5 times bigger in VS 15.8 (_MSC_VER = 1915).
不支持“OPENSSH”密钥。Key 'OPENSSH' is not supported.
Windows 放大镜不再跟踪键盘光标。Windows magnifier can no longer track keyboard cursor.
分析失败，while 循环中出现立即调用的 lamba。Analysis fails with immediately-invoked lamba in while loop.
Xamarin iOS 设计器不适用于版本 15.9 和 Xamarin.iOS 12.2.1.10。Xamarin iOS designer not working with 15.9 and Xamarin.iOS 12.2.1.10.
提升了大型 C++ 项目的增量链接的可靠性。We improved the reliability of incremental linking for large C++ projects.
现在将解决某些矢量删除析构函数的 LNK2001“外部符号无法解析”错误。LNK2001 "unresolved external symbol" errors for certain vector deleting destructors will now be resolved.
针对大量使用将 lambda 或本地类作为参数或返回类型的链接内联函数的代码，缩短了编译器执行时间。Compiler execution time has been improved for code that makes heavy use of chained, inline functions involving lambdas or local classes as parameter or return types.

Visual Studio 2017 版本 15.9.1Visual Studio 2017 version 15.9.1

发布日期：2018 年 11 月 15 日released on November 15, 2018

15.9.1 中修复的问题Issues Fixed in 15.9.1

以下问题已在 15.9.1 版中得到解决：These are the issues addressed in 15.9.1:

修复了以下 bug：使用 Microsoft Xbox One XDK 时，Visual Studio 无法生成项目。Fixed a bug where Visual Studio would fail to build projects using the Microsoft Xbox One XDK.

15.9.1 版中新增功能的详细信息Details of What's New in 15.9.1

通用 Windows 平台开发 SDKUniversal Windows Platform Development SDK

Windows 10 2018 年 10 月更新 SDK - 内部版本 17763 现在是通用 Windows 平台开发工作负载所选的默认 SDK。The Windows 10 October 2018 Update SDK (build 17763) is now the default selected SDK for the Universal Windows Platform development workload.

15.9 版中的主要新增功能摘要Summary of Notable New Features in 15.9

现在可以使用 Visual Studio 实例来导入和导出指定应安装的工作负载和组件的安装配置文件。You can now import and export an installation configuration file that specifies which workloads and components should be installed with an instance of Visual Studio.
使用新符号包格式 (.snupkg) 改进了 NuGet 包的调试体验。We have improved the debugging experience for NuGet packages using the new symbol package format (.snupkg).
在调试器中后退目前在 C++ 中对企业客户提供。Step back in debugger is now available in C++ for Enterprise customers.
C++ IntelliSense 现响应面向 Linux 的 CMake 和 MSBuild 项目的远程环境中的更改。C++ IntelliSense now responds to changes in the remote environment for both CMake and MSBuild projects targeting Linux.
已对 UWP Desktop Bridge 框架包进行了更新并添加了对 ARM64 C++ 本机桌面方案的支持。We have made updates to UWP Desktop Bridge framework packages and added support for ARM64 C++ Native Desktop scenarios.
添加了对 C++ range-v3 库和 MSVC 15.9 编译器配合使用的支持。We added support for the range-v3 library with the MSVC 15.9 compiler.
修复了 F# 编辑器和 F# 工具中的多个 bug。We fixed several bugs in the F# compiler and F# tools.
为新的 TypeScript 功能的语义文件重命名和项目引用提供语言服务支持。Language service support for new TypeScript features for semantic file renaming and project references.
通过更新 Vue.js 模板和使用 Jest 框架添加对单元测试的支持改进了 Node.js 开发。Improved Node.js development by updating Vue.js templates and adding support for unit testing using the Jest framework.
添加了 SharePoint 2019 项目模板，可以将现有 SharePoint 2013 和 2016 项目迁移到 SharePoint 2019。We added SharePoint 2019 project templates, so you can migrate existing SharePoint 2013 and 2016 projects to SharePoint 2019.
Visual Studio Tools for Xamarin 现支持 Xcode 10。Visual Studio Tools for Xamarin now supports Xcode 10.
我们对 Xamarin.Android 生成性能进行了改进。We made improvements to the Xamarin.Android build performance.
添加和改进了通用 Windows 平台开发人员适用的功能，其中包括 ARM64 支持、最新的预览版 SDK、更好的桌面桥接应用程序调试和 XAML 设计器改进。We have added and improved features for Universal Windows Platform developers, including ARM64 support, the latest preview SDK, better debugging of Desktop Bridge applications, and XAML Designer improvements.
对使用已经过身份验证的包源的体验进行了实质性的改善。Substantial improvements were made to the experience of using authenticated package feeds.
现支持针对基于 PackageReference 的项目的锁定文件以实现重复还原。There is now support for lock file to enable repeatable restore for PackageReference based projects.
添加了对 NuGet 包的新许可证格式的支持。We have added support for the new license format for NuGet packages.
我们在 Visual Studio 中引入了 NuGet 客户端策略，使你能够锁定环境以便只可安装信任的包。We have introduced NuGet client policies in Visual Studio which enables you to lock down environments such that only trusted packages can be installed.
我们使在 Visual Studio 内使用 .NET Core 的可预测性更高。We made the use of .NET Core within Visual Studio more predictable.

15.9 版中解决的首要问题Top Issues Fixed in 15.9

请参阅 Visual Studio 2017 15.9 版中已解决的客户所报所有问题。See all customer-reported issues fixed in Visual Studio 2017 version 15.9.

15.9 版中新增功能的详细信息Details of What's New in 15.9

Visual Studio 2017 版本 15.9.0Visual Studio 2017 version 15.9.0

发布日期：2018 年 11 月 13 日released on November 13, 2018

15.9 版中的新增功能New Features in 15.9

安装Install

我们让你能够更为轻松地跨 Visual Studio 的多个安装来保持安装设置的一致性。We made it easier to keep your installation settings consistent across multiple installations of Visual Studio. 你现在可以使用 Visual Studio 安装程序为给定的 Visual Studio 实例导出 .vsconfig 文件。You can now use the Visual Studio Installer to export a .vsconfig file for a given instance of Visual Studio. 此文件将包含有关你已安装的工作负载和组件的信息。This file will contain information about what workloads and components you have installed. 然后，可以导入此文件，以将这些工作负载和组件选项添加到 Visual Studio 的其他安装中。You can then import this file to add these workload and component selections to another installation of Visual Studio.

调试Debugging

已支持使用基于可移植 pdb 的新符号包格式 (.snupkg)。We have added support for consuming the new portable-pdb based symbol package format (.snupkg). 添加了工具，使你可从 NuGet.org 符号服务器等源轻松使用和管理符号包。We have added tooling to make it easy to consume and manage these symbol packages from sources like the NuGet.org symbol server.

C++C++

我们在 Visual Studio Enterprise 版本的适用于 C++ 的调试器中添加了“后退”功能。We've added the "step back" feature in the debugger for C++ in the Visual Studio Enterprise Edition. 后退功能使你能够及时返回，以及时查看之前的应用程序的状态。Step back enables you to go back in time to view the state of your application at a previous point in time.
C++ IntelliSense 现响应面向 Linux 的 CMake 和 MSBuild 项目的远程环境中的更改。C++ IntelliSense now responds to changes in the remote environment for both CMake and MSBuild projects targeting Linux. 安装新的库或更改 CMake 项目时，C++ IntelliSense 将自动分析远程计算机上的新头文件，以实现完整无缝的 C++ 编辑体验。As you install new libraries or change your CMake projects, C++ IntelliSense will automatically parse the new headers files on the remote machine for a complete and seamless C++ editing experience.
已将 UWP Desktop Bridge 框架包更新至 Windows 应用商店的最新版本，适用于包括 ARM64 在内的所有受支持的体系结构。We've updated the UWP Desktop Bridge framework packages to match the latest in the Windows Store for all supported architectures, including ARM64.
除修复了 60 个阻止性 bug 外，还添加了对 range-v3 库和 MSVC 15.9 编译器配合使用的支持，在 /std:c++17 /permissive- 下提供。In addition to fixing 60 blocking bugs, we have added support for the range-v3 library with the MSVC 15.9 compiler, available under /std:c++17 /permissive-.
Visual Studio 中的零售 VCLibs 框架包已更新至 UWP 应用商店中的最新版。The retail VCLibs framework package in Visual Studio has been updated to match the latest available version in the UWP Store.
现已完全支持 ARM64 C++ 本机桌面方案（包括 VC++ 2017 可再发行版）。Full support is now available for ARM64 C++ Native Desktop scenarios, including VC++ 2017 Redistributable.
我们在 C++ 17 的 charconv 标头中实现了浮点 to_chars() 的最短往返程十进制重载。We implemented the shortest round-trip decimal overloads of floating-point to_chars() in C++17's charconv header. 使用科学记数法，约是 sprintf_s() "%.8e" 的 10 倍快（对于单精度浮点），是 sprintf_s() "%.16e" 的 30 倍快（对于双精度浮点）。For scientific notation, it is approximately 10x as fast as sprintf_s() "%.8e" for floats, and 30x as fast as sprintf_s() "%.16e" for doubles. 这使用 Ulf Adams 新算法 - Ryu。This uses Ulf Adams' new algorithm, Ryu.
对 Visual C++ 编译器的标准符合性进行了一系列改进，标准符合性可能要求在严格符合性模式下进行源更改，可在此处找到这一系列改进。A list of improvements to the standards conformance of the Visual C++ compiler, which potentially require source changes in strict conformance mode, can be found here.
我们已弃用 C++ 编译器 /Gm 交换机。We have deprecated the C++ Compiler /Gm switch. 如果已显式定义，请考虑在生成脚本中禁用 /Gm 交换机。Consider disabling the /Gm switch in your build scripts if it's explicitly defined. 或者，也可以安全地忽略针对 /Gm 的弃用警告，因为在使用“将警告视为错误”(/WX) 时不会将其视为错误。Alternatively, you can also safely ignore the deprecation warning for /Gm as it will not be treated as error when using "Treat warnings as errors" (/WX).

F#F#

F# 编译器F# Compiler

我们修复了采用 byref 值的扩展方法可能转变不可变值的 bug。We fixed a bug where extension methods that take byref values could mutate an immutable value.
改进了 byref/inref/outref 上的重载的编译错误信息，而非显示以前模糊的错误。We improved the compile error information for overloads on byref/inref/outref, rather than displaying the previously obscure error.
现已完全不允许使用 byref 上的可选类型扩展。Optional Type Extensions on byrefs are now disallowed entirely. 之前可以声明它们，但无法使用，从而令客户困惑。They could be declared previously, but were unusable, resulting in a confusing user experience.
修复了在结构元组上使用 CompareTo 并产生使用别名的结构元组的类型等效项而造成运行时异常的 bug。We fixed a bug where CompareTo on a struct tuple and causing a type equivalence with an aliased struct tuple would result in a runtime exception.
修复了在创作适用于 .NET Standard 的类型提供程序时使用 System.Void 可能无法在设计时查找 System.Void 类型的 bug。We fixed a bug where use of System.Void in the context of authoring a Type Provider for .NET Standard could fail to find the System.Void type at design-time.
修复了部分应用的可区分联合构造函数不匹配可区分联合的带批注或推论出的类型时可能发生内部错误的 bug。We fixed a bug where an internal error could occur when a partially applied Discriminated Union constructor is mismatched with an annotated or inferred type for the Discriminated Union.
修改了尝试采用表达式（如访问属性）寻址时的编译器错误消息，以更清楚地表达其违反了 byref 类型的范围规则。We modified the compiler error message when attempting to take an address of an expression (such as accessing a property) to make it more clear that it violates scoping rules for byref types.
修复了对方法或函数部分应用 byref 类型时程序可能在运行时崩溃的 bug。We fixed a bug where your program could crash at runtime when partially applying a byref type to a method or function. 现在会显示一条错误消息。An error message will now display.
修复了 byref 和引用类型（例如 byref<int> option）的无效组合会在运行时失败且不发出错误消息的问题。We fixed an issue where an invalid combination of a byref and a reference type (such as byref<int> option) would fail at runtime and not emit an error message. 现在可发出错误消息。We now emit an error message.

F# 工具F# Tools

解决了使用 .NET Core SDK 生成的 F# 程序集元数据不在 Windows 的文件属性中显示的问题。We resolved an issue where metadata for F# assemblies built with the .NET Core SDK was not shown in file properties on Windows. 现在，右键单击 Windows 上的程序集并选择“属性”即可查看此元数据。You can now see this metadata by right-clicking an assembly on Windows and selecting Properties.
修复了在 F# 源中使用 module global 可能导致 Visual Studio 不响应的 bug。We fixed a bug where use of module global in F# source could cause Visual Studio to become unresponsive.
修复了使用 inref<'T> 的扩展方法在完成列表中不显示的 bug。We fixed a bug where extension methods using inref<'T> would not show in completion lists.
修复了 .NET Framework F# 项目的“项目属性”中 TargetFramework 下拉列表为空的 bug。We fixed a bug where the TargetFramework dropdown in Project Properties for .NET Framework F# projects was empty.
修复了创建面向 .NET Framework 4.0 的新 F# 项目将失败的 bug。We fixed a bug where creating a new F# project targeting .NET Framework 4.0 would fail.

F# 开源存储库F# Open Source Repository

现将 VisualFSharpFull 项目设为默认启动项目，使你无需在调试前进行手动设置。The VisualFSharpFull project is now set as the default startup project, eliminating the need to manually set that before debugging. 谢谢你，Robert Jeppesen！Thanks, Robert Jeppesen!

JavaScript 和 TypeScript 语言服务支持JavaScript and TypeScript Language Service Support

我们添加了重构，以在文件被重命名后修复该文件的引用。We added refactoring to fix up references to a file after it has been renamed. 我们还添加了对项目引用的支持，使你能够将你的 TypeScript 项目拆分为相互引用的独立版本。We also added support for project references, letting you split your TypeScript project up into separate builds that reference each other.
我们已更新到最新的 Vue CLI 3.0 并改进了 Vue.js 模板文件中的 linting。We updated to the latest Vue CLI 3.0 and improved linting in Vue.js template files. 你也可以使用 Jest 框架来编写和运行单元测试。You can also write and run unit tests using the Jest framework.
添加了对 TypeScript 3.1 的支持。We have added support for TypeScript 3.1.

SharePoint 2019 支持SharePoint 2019 Support

我们添加了可以实现为 SharePoint 2019 创建项目的新模板。We added new templates that allow you to create projects for SharePoint 2019. 我们能够将现有 SharePoint 项目从 SharePoint 2013 和 SharePoint 2016 迁移到新的项目模板。You will have the ability to migrate existing SharePoint projects from both SharePoint 2013 and SharePoint 2016 to the new project template.

Visual Studio Tools for XamarinVisual Studio Tools for Xamarin

Visual Studio Tools for Xamarin 现支持 Xcode 10，这使你可为 iOS 12、tvOS 12 和 watchOS 5 生成和调试应用。Visual Studio Tools for Xamarin now supports Xcode 10, which allows you to build and debug apps for iOS 12, tvOS 12, and watchOS 5. 有关可用新功能的更多详细信息，请参阅使用 iOS 12 的准备工作和我们对 iOS 12 的介绍。See how to get ready for iOS 12and our introduction to iOS 12for more details on the new features available.

初始 Xamarin.Android 生成性能改进Initial Xamarin.Android Build Performance Improvements

Xamarin.Android 9.1 包括初始生成性能改进。Xamarin.Android 9.1 includes initial build performance improvements. 请参阅我们的 Xamarin.Android 15.8 和15.9 生成性能比较以了解详细信息。See our Xamarin.Android 15.8 vs. 15.9 build performance comparison for more details.

适用于通用 Windows 平台开发的工具Tools for Universal Windows Platform Developers

最新的 Windows 10 SDK（版本 17763）作为通用 Windows 平台开发工作负荷中的可选组件包括进来。The latest Windows 10 SDK (build 17763) is included as an optional component in the Universal Windows Platform development Workload.
我们为通用 Windows 平台项目添加了对创建 .MSIX 包的支持，也在 Windows 应用程序打包项目模板中添加了此支持。We added support for creating .MSIX packages for both the Universal Windows Platform projects, as well as in the Windows Application Packaging Project template. 若要创建 .MSIX 包，应用程序的最低版本必须为最新的 Windows 10 SDK（内部版本 17763）。To create an .MSIX package, the minimum version of your application must be the latest Windows 10 SDK (build 17763).
你现在可以构建 ARM64 UWP 应用程序。You can now build ARM64 UWP applications. 对于.NET UWP 应用程序，仅 .NET Native 支持 ARM64，并且必须将应用程序的最低版本设置为 Fall Creators Update（版本 16299）或更高版本。For .NET UWP applications, only .NET Native is supported for ARM64, and you must set the Minimum Version of your application to the Fall Creators Update (Build 16299) or higher.
我们为通用 Windows 平台应用程序的 F5（生成 + 部署）速度进行了改进。We made improvements to the F5 (Build + Deploy) speed for Universal Windows Platform applications. 这一改进对于使用 Windows 身份验证部署到远程目标的操作将更为明显，但也会影响所有其他部署。This will be most noticeable for deployments to remote targets using Windows authentication, but will impact all other deployments as well.
开发人员现在可以选择在使用 XAML 设计器时指定控件显示选项，同时生成面向 Windows 10 Fall Creators Update（内部版本 16299）或更高版本的 UWP 应用程序。Developers now have the option to specify Control Display Options when using the XAML Designer while building UWP applications targeting the Windows 10 Fall Creators Update (build 16299) or later. 选择“仅显示平台控件”可阻止设计器执行任何自定义控制代码，以提升设计器的可靠性。Selecting "Only Display Platform Controls" prevents the designer from executing any custom control code to improve reliability of the designer.
XAML 设计器现可自动将引发可捕获异常的控件替换为回退控件，而非出现设计器崩溃。The XAML designer now automatically replaces controls that throw with catchable exceptions with fallback controls, rather than having the designer crash. 回退控件具有黄色边框，以提示开发人员控件已在设计时被替换。Fallback controls have a yellow border to cue in developers that the control has been replaced at design time.
Windows 应用程序打包项目现支持使用 Core CLR 调试器类型调试后台进程。The Windows Application Packaging project now supports debugging background process using the Core CLR debugger type.

NuGetNuGet

NuGet 凭据提供程序改进NuGet Credential Provider Improvements

此版本显著改善了使用已经过身份验证的包源的体验，尤其适用于 Mac 和 Linux 用户：This release substantially improves the experience of using authenticated package feeds, especially for Mac and Linux users:

Visual Studio、MSBuild、NuGet.exe 和 .NET 现在支持新的凭据提供程序插件接口，可以通过 Azure Artifacts 等专用包主机实现。Visual Studio, MSBuild, NuGet.exe, and .NET now support a new Credential Provider plugin interface, which can be implemented by private package hosts like Azure Artifacts. 以前，只有 NuGet.exe 和 Visual Studio 接受凭据提供程序。Previously, only NuGet.exe and Visual Studio accepted Credential Providers.
Visual Studio 版本（包括生成工具版本）现提供具有特定工作负荷的 Azure Artifacts 凭据提供程序，从而可在开发过程中轻松使用 Azure Artifacts 源。Visual Studio editions (including the Build Tools edition) now deliver the Azure Artifacts Credential Provider with certain workloads, so that you can easily use Azure Artifacts feeds in the course of your development. 要使用这些改进的功能，请安装 NuGet 包管理器或 NuGet 目标和生成任务组件，或 .NET Core 工作负载。To use these improvements, install the NuGet package manager or NuGet targets and build tasks components, or the .NET Core workload.

NuGet 包管理器改进NuGet Package Manager Improvements

NuGet 现在支持对基于 PackageReference 的项目锁定完全包封闭，因此可支持包的重复还原。NuGet now enables locking the full package closure of PackageReference based projects, thereby enabling repeatable restore of packages.
Visual Studio NuGet 包管理器用户界面现在显示使用新许可证格式的包的许可证信息。The Visual Studio NuGet package manager UI now surfaces the license information for packages that use the new license format. 新许可证格式以 SPDX 表达式或许可证文件的形式嵌入许可证信息作为包的一部分。The new license format embeds the license information as part of the package in the form of an SPDX expression or a license file.

NuGet 安全性NuGet Security

我们引入了 NuGet 客户端策略，使你能够配置包安全性约束。We have introduced NuGet Client Policies which allow you to configure package security constraints. 这意味着你可以锁定环境以仅允许安装信任的包，方法如下：This means you can lock down environments so only trusted packages can be installed by:

不允许安装未签名的包。Disallowing the installation of unsigned packages.
根据创建者签名定义一系列信任的签名者。Defining a list of trusted signers based on the author signature.
根据存储库签名中的元数据，定义一系列信任的 NuGet.org 包所有者。Defining a list of trusted NuGet.org package owners based on the metadata in the repository signature.

用于 Visual Studio 的 .NET Core 工具.NET Core Tools for Visual Studio

从此版本开始，用于 Visual Studio 的 .NET Core 工具现将默认为仅使用最新稳定版本的 .NET Core SDK，它安装于 Visual Studio 公开发行版的计算机上。Starting with this release, the .NET Core tools for Visual Studio will now default to using only the latest stable version of a .NET Core SDK that is installed on your machine for GA releases of Visual Studio. 对于将来的预览版，工具将仅使用预览版 .NET Core SDK。For future previews, the tools will use only preview .NET Core SDKs.

Visual Studio 2017 版本 15.9 安全公告通知Visual Studio 2017 version 15.9 Security Advisory Notices

Visual Studio 2017 版本 15.9.23 服务发布 -- 发布日期：2020 年 5 月 12 日Visual Studio 2017 15.9.23 Service Release-- released on May 12, 2020

CVE-2020-1108 .NET Core 拒绝服务漏洞 CVE-2020-1108 .NET Core Denial of Service Vulnerability

未经过身份验证的远程攻击者可以通过向 .NET Core 应用程序发布特制请求利用此漏洞。A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. 此安全更新通过纠正 .NET Core Web 应用程序处理 Web 请求的方式修复此漏洞。The security update addresses the vulnerability by correcting how the .NET Core web application handles web requests.

Visual Studio 2017 版本 15.9.22 服务发布 - 发布日期：2020 年 4 月 14 日 Visual Studio 2017 15.9.22 Service Release -- released on April 14, 2020

CVE-2020-0899 Microsoft Visual Studio 特权提升漏洞 CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability

当 Microsoft Visual Studio 更新程序服务不当处理文件权限时，会出现特权提升漏洞。An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. 成功利用了此漏洞的攻击者可覆盖本地系统的安全上下文中的任意文件内容。An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.

CVE-2020-0900 Visual Studio Extension Installer 服务特权提升漏洞 CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability

当 Visual Studio Extension Installer 服务不当处理文件操作时，会出现特权提升漏洞。An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations. 成功利用了此漏洞的攻击者可使用已提升的权限删除任意位置的文件。An attacker who successfully exploited the vulnerability could delete files in arbitrary locations with elevated permissions.

CVE-2020-5260 由于对 URL 的验证不足而导致的 Git for Visual Studio 凭据泄露漏洞 CVE-2020-5260 Git for Visual Studio Credential Leak Vulnerability due to insufficient validation on URLs

当专门创建的 URL 被分析并发送至凭据帮助程序时，会出现凭据泄露漏洞。A credential leak vulnerability exists when specially crafted URLs are parsed and sent to credential helpers. 这可能会导致凭据被发送到错误的主机。This can lead to credentials being sent to the wrong host.

Visual Studio 2017 版本 15.9.21 服务发布 - 发布日期：2020 年 3 月 10 日 Visual Studio 2017 15.9.21 Service Release -- released on March 10, 2020

CVE-2020-0793 和 CVE-2020-0810 诊断中心标准收集器服务特权提升漏洞 CVE-2020-0793 & CVE-2020-0810 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

当诊断中心标准收集器无法正确处理文件操作，或 Windows 诊断中心标准收集器服务无法正确纠正输入时，就存在特权提升漏洞。An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, or the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input.

CVE-2020-0884 在创建 Outlook Web 外接程序时存在欺骗漏洞 CVE-2020-0884 Spoofing vulnerability when creating Outlook Web -Add-in

如果启用了多重身份验证，则在创建 Outlook Web 外接程序时将存在欺骗漏洞A spoofing vulnerability exists when creating an Outlook Web-Addin if multi-factor authentication is enabled

Visual Studio 2017 版本 15.9.19 服务发布 - 发布日期：2020 年 1 月 14 日 Visual Studio 2017 15.9.19 Service Release -- released on January 14, 2020

CVE-2020-0602 ASP.NET Core 拒绝服务漏洞CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability

远程未经过身份验证的攻击者可以通过向 ASP.NET 应用程序发布特制请求利用此漏洞。A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. 此安全更新通过纠正 ASP.NET Core Web 应用程序处理 Web 请求的方式解决此漏洞。The security update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

CVE-2020-0603 ASP.NET Core 远程代码执行漏洞CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability

远程未经过身份验证的攻击者可以通过向 ASP.NET 应用程序发布特制请求利用此漏洞。A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. 此安全更新通过纠正 ASP.NET Core Web 应用程序处理内存的方式解决此漏洞。The security update addresses the vulnerability by correcting how the ASP.NET Core web application handles in memory.

Visual Studio 2017 版本 15.9.18 服务发布 - 发布日期：2019 年 12 月 10 日 Visual Studio 2017 version 15.9.18 Service Release -- released on December 10, 2019

CVE-2019-1349 由于对子模块名称的限制过于宽松导致 Visual Studio 远程执行漏洞的 GitCVE-2019-1349 Git for Visual Studio Remote Excecution Vulnerability due to too lax restrictions on submodule names

Git 遇到同级子模块的目录的子模块名称冲突时，存在远程代码执行漏洞。A remote code execution vulnerability exists when Git runs into collisions of submodule names for directories of sibling submodules. 成功利用此漏洞的攻击者可以针对目标计算机远程执行代码。An attacker who successfully exploited this vulnerability could remote execute code on the target machine. 该安全更新通过使用新版本的 Git for Windows 来解决该漏洞，该版本要求用于子模块克隆的目录为空。The security update addresses the vulnerability by taking a new version of Git for Windows which requires the directory for the submodules’ clone to be empty.

CVE-2019-1350 由于命令行参数的错误引用导致 Visual Studio 远程执行漏洞的 GitCVE-2019-1350 Git for Visual Studio Remote Excecution Vulnerability due to incorrect quoting of command-line arguments

Git 使用递归克隆过程中的特定引用以及 SSH URL 解释命令行参数时，存在远程代码漏洞。A remote code execution vulnerability exists when Git interprets command-line arguments with certain quoting during a recursive clone in conjunction with SSH URLs. 成功利用此漏洞的攻击者可以针对目标计算机远程执行代码。An attacker who successfully exploited this vulnerability could remote execute code on the target machine. 该安全更新通过使用新版本的 Git for Windows 来解决该漏洞，该版本可修复此问题。The security update addresses the vulnerability by taking a new version of Git for Windows which fixes the issue.

CVE-2019-1351 由于在克隆期间使用了非字母驱动器名称导致 Visual Studio 任意文件覆盖漏洞的 GitCVE-2019-1351 Git for Visual Studio Arbitrary File Overwrite Vulnerability due to usage of non-letter drive names during clone

非字母驱动器名称绕过 git clone 中的安全检查时，存在任意文件覆盖漏洞。An arbitrary file overwrite vulnerability exists in Git when non-letter drive names bypass safety checks in git clone. 成功利用此漏洞的攻击者可以针对目标计算机写入任意文件。An attacker who successfully exploited this vulnerability could write to arbitrary files on the target machine. 该安全更新通过使用新版本的 Git for Windows 来解决该漏洞，该版本可修复此问题。The security update addresses the vulnerability by taking a new version of Git for Windows which fixes the issue.

CVE-2019-1352 由于未感知 NTFS 备用数据流导致 Visual Studio 远程执行漏洞的 GitCVE-2019-1352 Git for Visual Studio Remote Excecution Vulnerability due to unawareness of NTFS Alternate Data Streams

通过 NTFS 备用数据流克隆和写入 .git/ 目录时，存在远程代码执行漏洞。A remote code execution vulnerability exists in Git when cloning and writing to .git/ directory via NTFS alternate data streams. 成功利用此漏洞的攻击者可以针对目标计算机远程执行代码。An attacker who successfully exploited this vulnerability could remote execute code on the target machine. 该安全更新通过使用新版本的 Git for Windows 来解决该漏洞，该版本可感知 NTFS 备用数据流。The security update addresses the vulnerability by taking a new version of Git for Windows which has been made aware of NTFS alternate data streams.

CVE-2019-1354 由于未拒绝写入包含反斜杠的跟踪文件导致的 Visual Studio 任意文件覆盖漏洞的 GitCVE-2019-1354 Git for Visual Studio Arbitrary File Overwrite Vulnerability due to not refusing to write out tracked files containing backslashes

带有反斜杠和恶意符号链接的树条目突破工作树时，Git 中存在任意文件覆盖漏洞。An arbitrary file overwrite vulnerability exists in Git when tree entries with backslashes and malicious symlinks could break out of the work tree. 成功利用此漏洞的攻击者可以针对目标计算机写入任意文件。An attacker who successfully exploited this vulnerability could write to arbitrary files on the target machine. 该安全更新通过使用新版本的 Git for Windows 来解决该漏洞，该版本不允许使用反斜杠。The security update addresses the vulnerability by taking a new version of Git for Windows which does not allow this usage of backslashes.

CVE-2019-1387 由于对递归克隆中的子模块名称的验证过于宽松导致的 Visual Studio 远程执行漏洞的 GitCVE-2019-1387 Git for Visual Studio Remote Execution Vulnerability due to too lax validation of submodule names in recursive clones

当对子模块进行递归克隆时，Git 中存在远程代码执行漏洞。A remote code execution vulnerability exists in Git when cloning recursively with submodules. 成功利用此漏洞的攻击者可以针对目标计算机远程执行代码。An attacker who successfully exploited this vulnerability could remote execute code on the target machine. 该安全更新通过使用新版本的 Git for Windows 来解决该漏洞，该版本加强了对子模块名称的验证。The security update addresses the vulnerability by taking a new version of Git for Windows which tightens validation of submodule names.

Visual Studio 2017 版本 15.9.17 服务发布 - 发布日期：2019 年 10 月 15 日 Visual Studio 2017 version 15.9.17 Service Release -- released on October 15, 2019

CVE-2019-1425 NPM 包特权提升漏洞（发布时间：2019 年 11 月 12 日）CVE-2019-1425 NPM Package Elevation of Privilege Vulnerability (published November 12, 2019)

如果 Visual Studio 在提取已存档的文件时未能正确验证硬链接，则存在特权提升漏洞。An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks when extracting archived files. 此漏洞由 Visual Studio 使用的 NPM 包引入，如以下两个 NPM 建议所述： npmjs.com/advisories/803 和 npmjs.com/advisories/886。The vulnerabilities were introduced by NPM packages used by Visual Studio as described in the following two NPM advisories: npmjs.com/advisories/803 and npmjs.com/advisories/886. 此版本的 Visual Studio 中包含这些 NPM 包的更新版本。The updated versions of these NPM packages were included in this version of Visual Studio.

Visual Studio 2017 版本 15.9.16 服务发布 - 发布日期：2019 年 9 月 10 日 Visual Studio 2017 version 15.9.16 Service Release -- released on September 10, 2019

CVE-2019-1232 诊断中心标准收集器服务特权提升漏洞CVE-2019-1232 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

诊断中心标准收集器服务不正确地模拟特定文件操作时，存在特权提升漏洞。An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. 成功利用此漏洞的攻击者可以获得提升的权限。An attacker who successfully exploited this vulnerability could gain elevated privileges. 对易受攻击的系统拥有非特权访问权限的攻击者可利用此漏洞。An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. 此安全更新可确保诊断中心标准收集器服务正确模拟文件操作，从而解决这一漏洞。The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.

CVE-2019-1301 .NET Core 中的拒绝服务漏洞CVE-2019-1301 Denial of Service Vulnerability in .NET Core

.NET Core 未正确处理 Web 请求时，存在拒绝服务漏洞。A denial of service vulnerability exists when .NET Core improperly handles web requests. 如果攻击者成功利用此漏洞，可能会导致对 .NET Core Web 应用程序拒绝服务。An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. 可以远程利用漏洞，无需进行身份验证。The vulnerability can be exploited remotely, without authentication.

此更新通过纠正 .NET Core Web 应用程序处理 Web 请求的方式解决此漏洞。The update addresses the vulnerability by correcting how the .NET Core web application handles web requests.

Visual Studio 2017 版本 15.9.15 服务发布 - 发布日期：2019 年 8 月 13 日 Visual Studio 2017 version 15.9.15 Service Release -- released on August 13, 2019

CVE-2019-1211 Git for Visual Studio 特权提升漏洞CVE-2019-1211 Git for Visual Studio Elevation of Privilege Vulnerability

当 Git for Visual Studio 错误地分析配置文件时，其中存在特权提升漏洞。An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. 成功利用此漏洞的攻击者可以在另一个本地用户的上下文中执行代码。An attacker who successfully exploited the vulnerability could execute code in the context of another local user. 要利用此漏洞，经过身份验证的攻击者需要先修改系统上的 Git 配置文件，再安装完整的应用程序。To exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. 然后，攻击者需要使系统上的另一个用户执行特定的 Git 命令。The attacker would then need to convince another user on the system to execute specific Git commands. 更新更改了编辑配置文件所需的权限，从而解决了这一问题。The update addresses the issue by changing the permissions required to edit configuration files.

Visual Studio 2017 版本 15.9.14 服务发布 - 发布日期：2019 年 7 月 9 日 Visual Studio 2017 version 15.9.14 Service Release -- released on July 9, 2019

CVE-2019-1075 ASP.NET Core 欺骗漏洞 CVE-2019-1075 ASP.NET Core Spoofing Vulnerability

今天已发布 .NET Core 更新，包含在此 Visual Studio 更新中。.NET Core updates have released today and are included in this Visual Studio update. 此版本解决了安全性和其他重要问题。This release addresses security and other important issues. 有关详细信息，请参阅 .NET Core 发行说明。Details can be found in the .NET Core release notes.

CVE-2019-1077 Visual Studio 扩展自动更新漏洞 CVE-2019-1077 Visual Studio Extension Auto Update Vulnerability

如果 Visual Studio 扩展自动更新过程不正确地执行特定文件操作，就会存在特权提升漏洞。An elevation of privilege vulnerability exists when the Visual Studio Extension auto-update process improperly performs certain file operations. 成功利用此漏洞的攻击者可以删除任意位置的文件。An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. 攻击者必须对易受攻击的系统拥有非特权访问权限，才能利用此漏洞。To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. 安全更新通过保护 Visual Studio 扩展自动更新执行文件操作的位置来处理漏洞。The security update addresses the vulnerability by securing locations the Visual Studio Extension auto-update performs file operations in.

CVE-2019-1113 WorkflowDesigner XOML 反序列化允许代码执行 CVE-2019-1113 WorkflowDesigner XOML deserialization allows code execution

引用特定类型的 XOML 文件可能导致在 Visual Studio 中打开 XOML 文件时执行任意代码。A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. 现在允许在 XOML 文件中使用的类型具有一定限制。There is now a restriction on what types are allowed to be used in XOML files. 如果打开包含最新未经授权的类型之一的 XOML 文件，将显示一条消息，说明该类型未经授权。If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.

有关详细信息，请参阅 https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml 。For further information, please refer to https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml.

Visual Studio 2017 版本 15.9.12 服务发布 - 发布日期：2019 年 5 月 14 日 Visual Studio 2017 version 15.9.12 Service Release -- released on May 14, 2019

CVE-2019-0727 诊断中心标准收集器服务特权提升漏洞CVE-2019-0727 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

如果诊断中心标准收集器服务不正确地执行特定文件操作，就会存在特权提升漏洞。An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly performs certain file operations. 成功利用此漏洞的攻击者可以删除任意位置的文件。An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. 攻击者必须对易受攻击的系统拥有非特权访问权限，才能利用此漏洞。To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. 安全更新通过保护诊断中心标准收集器执行文件操作的位置来处理漏洞。The security update addresses the vulnerability by securing locations the Diagnostics Hub Standard Collector performs file operations in.

Visual Studio 2017 版本 15.9.9 服务发布 - 发布日期：2019 年 3 月 12 日 Visual Studio 2017 version 15.9.9 Service Release -- released on March 12, 2019

CVE-2019-0809 Visual Studio 远程代码执行漏洞CVE-2019-0809 Visual Studio Remote Code Execution Vulnerability

Visual Studio C++ Redistributable 安装程序在加载动态链接库 (DLL) 之前错误验证输入时，存在远程代码执行漏洞。A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files. 成功利用此漏洞的攻击者可能会在当前用户的上下文中执行任意代码。An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the current user. 与使用管理用户权限操作的用户相比，其帐户在系统上具有更少用户权限的用户更不易受到影响。Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 要利用该漏洞，攻击者必须在本地系统上放置一个恶意 DLL 并说服用户执行特定可执行文件。To exploit the vulnerability, an attacker must place a malicious DLL on a local system and convince a user to execute a specific executable. 该安全更新处理了该项漏洞，它更正了 Studio C++ Redistributable 安装程序在加载 DLL 文件前验证输入的方式。The security update addresses the vulnerability by correcting how the Visual Studio C++ Redistributable Installer validates input before loading DLL files.

CVE-2019-9197 Unity 编辑器远程代码执行漏洞CVE-2019-9197 Unity Editor Remote Code Execution Vulnerability

Unity 编辑器中存在远程代码执行漏洞，该编辑器是 Visual Studio 提供的第三方软件，用于在向 Unity 工作负载进行游戏部署时安装。A remote code execution vulnerability exists in the Unity Editor, a 3rd party software that Visual Studio offers to install as part of the Game Development with Unity workload. 如果已安装来自 Visual Studio 的 Unity，请务必将你在使用的 Unity 版本上传到处理 CVE 中所述漏洞的版本。If you've installed Unity from Visual Studio, please make sure to update the version of Unity you're using to a version that addresses the vulnerability as described in the CVE. Visual Studio 安装程序已更新，可提供安装能处理该漏洞的 Unity 编辑器版本。The Visual Studio installer has been updated to offer to install a Unity Editor version which addresses the vulnerability.

CVE-2019-0757 .NET Core NuGet 篡改漏洞CVE-2019-0757 .NET Core NuGet Tampering Vulnerability

在 Linux 或 Mac 环境中执行时，NuGet 软件中存在篡改漏洞。A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. 成功利用此漏洞的攻击者可能会在当前用户的上下文中运行任意代码。An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 如果当前用户使用管理用户权限登录，则攻击者可能会控制受影响的系统。If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 然后，攻击者可能会安装程序、查看更改项或删除数据，还可能会使用完全用户权限创建新的帐户。An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 与使用管理用户权限操作的用户相比，其帐户在系统上具有更少用户权限的用户更不易受到影响。Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 要利用此漏洞，攻击者必须能够以该计算机上任意其他用户的身份登录。Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. 此时，攻击者将能够替换或添加到当前用户帐户中由 NuGet 还原操作创建的文件。At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.

今天已发布 .NET Core 更新，包含在此 Visual Studio 更新中。.NET Core updates have released today and are included in this Visual Studio update. 该安全更新处理了该项漏洞，它更正了 NuGet 还原为提取到客户端计算机上的所有文件创建文件权限的方式。The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine. 有关包的详细信息，请参阅 .NET Core 发行说明。Details about the packages can be found in the .NET Core release notes.

Visual Studio 2017 版本 15.9.7 服务发布 - 发布日期：2019 年 2 月 12 日 Visual Studio 2017 version 15.9.7 Service Release -- released on February 12, 2019

CVE-2019-0613 WorkflowDesigner XOML 反序列化允许代码执行CVE-2019-0613 WorkflowDesigner XOML deserialization allows code execution

有关详细信息，请参阅 https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml. 。For further information, please refer to https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml..

CVE-2019-0657 .NET Framework 和 Visual Studio 欺骗漏洞CVE-2019-0657 .NET Framework and Visual Studio Spoofing Vulnerability

Visual Studio 2017 版本 15.9.5 服务发布 - 发布日期：2018 年 1 月 08 日 Visual Studio 2017 version 15.9.5 Service Release -- released on January 08, 2018

CVE-2019-0546 Visual Studio 远程代码执行漏洞CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability

当 C++ 编译器对特定 C++ 构造组合处理不当时，Visual Studio 中会出现远程代码执行漏洞。A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs. 成功利用此漏洞的攻击者可能会在当前用户的上下文中运行任意代码。An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 如果当前用户使用管理用户权限登录，则攻击者可能会控制受影响的系统。If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 然后，攻击者可能会安装程序、查看更改项或删除数据，还可能会使用完全用户权限创建新的帐户。An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 与使用管理用户权限操作的用户相比，其帐户在系统上具有更少用户权限的用户更不易受到影响。Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 本次安全更新通过更正 Visual Studio C++ 编译器处理某些 C++ 构造的方式来解决该漏洞。The security update addresses the vulnerability by correcting how the Visual Studio C++ compiler handles certain C++ constructs.

Visual Studio 2017 版本 15.9.4 服务发布 - 发布日期：2018 年 12 月 11 日 Visual Studio 2017 version 15.9.4 Service Release -- released on December 11, 2018

CVE-2018-8599 诊断中心标准收集器服务特权提升漏洞CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

如果诊断中心标准收集器服务不正确地处理特定文件操作，就会存在特权提升漏洞。An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles certain file operations. 成功利用此漏洞的攻击者可以获得提升的权限。An attacker who successfully exploited this vulnerability could gain elevated privileges. 攻击者必须对易受攻击的系统拥有非特权访问权限，才能利用此漏洞。To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. 此安全更新程序解决了这个漏洞，具体是通过确保诊断中心标准收集器服务能够正确模拟文件操作。The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Services properly impersonates file operations.

已解决的问题Fixed Issues

请参阅 Visual Studio 2017 15.9 版中已解决的客户所报所有问题。See all customer-reported issues fixed in Visual Studio 2017 version 15.9.

已知问题Known Issues

查看 Visual Studio 2017 版本 15.9 中全部现有已知问题和可用解决办法。See all existing known issues and available workarounds in Visual Studio 2017 version 15.9.

反馈Feedback

我们期待你的宝贵意见和建议！We would love to hear from you! 如有问题，请通过安装程序或 Visual Studio IDE 右上角的“报告问题”选项告知我们。For issues, let us know through the Report a Problem option in the upper right-hand corner of either the installer or the Visual Studio IDE itself. 必须向The Feedback Icon 图标位于右上角。icon is located in the upper right-hand corner. 可以在 Visual Studio 开发者社区中提出产品建议或跟踪问题，也可在其中提问、寻找答案和建议新功能。You can make a product suggestion or track your issues in the Visual Studio Developer Community, where you can ask questions, find answers, and propose new features. 此外，还可通过实时聊天支持获得免费安装帮助。You can also get free installation help through our Live Chat support.

BlogsBlogs

通过参考开发人员工具博客网站中的见解和建议，随时掌握所有新版本的最新最全资讯，并发表有关大量功能的深入分析帖子。Take advantage of the insights and recommendations available in the Developer Tools Blogs site to keep you up-to-date on all new releases and include deep dive posts on a broad range of features.

Visual Studio 2017 发行说明历史记录Visual Studio 2017 Release Notes History

若要详细了解以往 Visual Studio 2017 版本的相关信息，请参阅 Visual Studio 2017 发行说明历史记录页。For more information relating to past versions of Visual Studio 2017, see the Visual Studio 2017 Release Notes History page.

返回页首Top of Page