將執行階段變更從 .NET Framework 4.7.1 移轉至 4.7.2Runtime Changes for Migration from .NET Framework 4.7.1 to 4.7.2

如果您想從 .NET Framework 4.7.1 移轉至 4.7.2,請檢閱下列主題中可能會影響應用程式的應用程式相容性問題:If you are migrating from the .NET Framework 4.7.1 to 4.7.2, review the following topics for application compatibility issues that may affect your app:

核心Core

允許在與 UNC 共用相似的 URI 中使用 UnicodeAllow Unicode in URIs that resemble UNC shares

詳細資料Details

System.Uri 中,若您建構的檔案 URI 同時包含 UNC 共用名稱和 Unicode 字元時,不會再導致 URI 出現無效的內部狀態。In System.Uri, constructing a file URI containing both a UNC share name and Unicode characters will no longer result in a URI with invalid internal state. 這項行為只有在下列所有條件都符合時才會變更:The behavior will change only when all of the following are true:

  • URI 具有 file: 配置,且後接 4 條以上的斜線。The URI has the scheme file: and is followed by four or more slashes.
  • 主機名稱開頭為底線或其他非保留符號。The host name begins with an underscore or other non-reserved symbol.
  • URI 包含 Unicode 字元。The URI contains Unicode characters.

建議Suggestion

如果應用程式使用的 URI 始終包含 Unicode,可想而知,該應用程式會使用這項行為來禁止參考 UNC 共用。Applications working with URIs consistently containing Unicode could have conceivably used this behavior to disallow references to UNC shares. 因此,這類應用程式應該改用 IsUncThose applications should use IsUnc instead.

名稱Name Value
範圍Scope EdgeEdge
版本Version 4.7.24.7.2
類型Type 執行階段Runtime

受影響的 APIAffected APIs

Unicode 存在時,支援特殊的相對 URI 標記法Support special relative URI notation when Unicode is present

詳細資料Details

UriNullReferenceException TryCreate 包含 Unicode 的特定相對 uri 上呼叫時,不會再擲回。Uri will no longer throw a NullReferenceException when calling TryCreate on certain relative URIs containing Unicode. 的最簡單重現 NullReferenceException 如下,其中兩個語句是相等的:The simplest reproduction of the NullReferenceException is below, with the two statements being equivalent:

bool success = Uri.TryCreate("http:%C3%A8", UriKind.RelativeOrAbsolute, out Uri href);
bool success = Uri.TryCreate("http:è", UriKind.RelativeOrAbsolute, out Uri href);
若要重現 NullReferenceException,必須符合下列項目:To reproduce the NullReferenceException, the following items must be true:
  • URI 前面必須加上 ‘http:’,且不是後面加上 ‘//’ 來指定為相對的。The URI must be specified as relative by prepending it with ‘http:’ and not following it with ‘//’.
  • URI 必須包含百分比編碼的 Unicode 或未保留的符號。The URI must contain percent-encoded Unicode or unreserved symbols.

建議Suggestion

根據此行為不允許相對 URI 的使用者,在建立 URI 時應該改指定 UriKind.AbsoluteUsers depending on this behavior to disallow relative URIs should instead specify UriKind.Absolute when creating a URI.

名稱Name Value
範圍Scope EdgeEdge
版本Version 4.7.24.7.2
類型Type 執行階段Runtime

受影響的 APIAffected APIs

執行階段Runtime

針對 Net.Tcp 憑證驗證改善的 WCF 鏈結信任憑證驗證Improved WCF chain trust certificate validation for Net.Tcp certificate authentication

詳細資料Details

.NET Framework 4.7.2 若以傳輸安全性搭配 WCF 使用憑證驗證,就可以改善鏈結信任憑證驗證。.NET Framework 4.7.2 improves chain trust certificate validation when using certificate authentication with transport security with WCF. 利用這項改善,必須針對用戶端驗證設定用來驗證伺服器的用戶端憑證。With this improvement, client certificates that are used to authenticate to a server must be configured for client authentication. 同樣地,必須針對伺服器驗證設定用來驗證伺服器的伺服器憑證。Similarly server certificates that are for the authenticating a server must be configured for server authentication. 利用這項變更,如果已停用根憑證,憑證鏈結驗證就會失敗。With this change, if the root certificate is disabled, the certificate chain validation fails. 同時,已透過 Windows 安全性彙總對 .NET Framework 3.5 和更新版本進行了相同的變更。The same change was also made to .NET Framework 3.5 and later versions via Windows security roll-up. 您可以在這裡找到更多資訊。這項變更預設為開啟,而且可以透過組態設定加以關閉。You can find more information here.This change is on by default and can be turned off by a configuration setting.

建議Suggestion

  • 驗證您的伺服器和用戶端憑證是否具有必要的 EKU OID。Validate if your server and client certification has the required EKU OID. 如果沒有,請更新您的憑證。If not, update your certification.
  • 驗證您的根憑證是否無效。Validate if your root certificate is invalid. 如果是,請更新根憑證。If so, update the root certificate.
  • 如何退出宣告變更:如果無法更新憑證,您可以使用下列設定設定暫時解決這項重大變更,不過,退出宣告變更會讓您的系統容易受到安全性問題的影響。How to opt out of the change: If you can't update the certificate, you can work around the breaking change temporarily with the following configuration setting, However, opting out of the change will leave your system vulnerable to the security issue.
<appSettings>
<add key="wcf:useLegacyCertificateUsagePolicy" value="true" />
</appSettings>
名稱Name Value
範圍Scope MinorMinor
版本Version 4.7.24.7.2
類型Type 執行階段Runtime

受影響的 APIAffected APIs

無法透過 API 分析偵測。Not detectable via API analysis.

Web 應用程式Web Applications

"dataAnnotations:dataTypeAttribute:disableRegEx" 應用程式設定,在 .NET Framework 4.7.2 中預設會開啟"dataAnnotations:dataTypeAttribute:disableRegEx" app setting is on by default in .NET Framework 4.7.2

詳細資料Details

在 .NET Framework 4.6.1 中,提供了應用程式設定 ("dataAnnotations:dataTypeAttribute:disableRegEx"),可讓使用者能停用在資料類型屬性 (例如 System.ComponentModel.DataAnnotations.EmailAddressAttributeSystem.ComponentModel.DataAnnotations.UrlAttributeSystem.ComponentModel.DataAnnotations.PhoneAttribute) 中使用規則運算式。In .NET Framework 4.6.1, an app setting ("dataAnnotations:dataTypeAttribute:disableRegEx") was introduced that allows users to disable the use of regular expressions in data type attributes (such as System.ComponentModel.DataAnnotations.EmailAddressAttribute, System.ComponentModel.DataAnnotations.UrlAttribute, and System.ComponentModel.DataAnnotations.PhoneAttribute). 如此有助於降低安全性弱點,例如避免發生使用特定規則運算式的拒絕服務攻擊之可能性。This helps to reduce security vulnerability such as avoiding the possibility of a Denial of Service attack using specific regular expressions.
在 .NET Framework 4.6.1 中,停用使用 RegEx 的此應用程式設定,預設會設為 falseIn .NET Framework 4.6.1, this app setting to disable RegEx usage was set to false by default. 從 .NET Framework 4.7.2 開始,此設定參數預設會設定為, true 以進一步降低以 .NET Framework 4.7.2 和更新版本為目標之 web 應用程式的安全性漏洞。Starting with .NET Framework 4.7.2, this config switch is set to true by default to further reduce secure vulnerability for web applications that target .NET Framework 4.7.2 and above.

建議Suggestion

若您發現您 Web 應用程式中的規則運算式,在升級至 .NET Framework 4.7.2 之後無法運作,可將 "dataAnnotations:dataTypeAttribute:disableRegEx" 設定的值,更新為 false,以還原為先前的行為。If you find that regular expressions in your web application do not work after upgrading to .NET Framework 4.7.2, you can update the value of the "dataAnnotations:dataTypeAttribute:disableRegEx" setting to false to revert to the previous behavior.

<configuration>
<appSettings>
...
<add key="dataAnnotations:dataTypeAttribute:disableRegEx" value="false"/>
...
</appSettings>
</configuration>

名稱Name Value
範圍Scope MinorMinor
版本Version 4.7.24.7.2
類型Type 執行階段Runtime

受影響的 APIAffected APIs

無法透過 API 分析偵測。Not detectable via API analysis.

Windows Presentation Foundation (WPF)Windows Presentation Foundation (WPF)

已改進 WPF 中的按鍵提示行為Keytips behavior improved in WPF

詳細資料Details

按鍵提示行為已經過修改,讓 Microsoft Word 與 Windows 檔案總管之間的行為趨於一致。Keytips behavior has been modified to bring parity with behavior on Microsoft Word and Windows Explorer. WPF 會藉由查看是否已啟用按鍵提示狀態,或是並非按下 SystemKey (特別是 KeyF11) 的情況,正確地處理按鍵提示的按鍵。By checking whether keytip state is enabled or not in the case of a SystemKey (in particular, Key or F11) being pressed, WPF handles keytip keys appropriately. 現在即使滑鼠已開啟了按鍵提示,其仍會關閉功能表。Keytips now dismiss a menu even when it is opened by mouse.

建議Suggestion

N/AN/A

名稱Name Value
範圍Scope EdgeEdge
版本Version 4.7.24.7.2
類型Type 執行階段Runtime

受影響的 APIAffected APIs

無法透過 API 分析偵測。Not detectable via API analysis.