Visual Studio Icon Visual Studio 2017 15.9 版版本資訊Visual Studio 2017 version 15.9 Release Notes


| 開發人員社群 | 系統需求 | 相容性 | 可散發程式碼 | 授權條款 | 部落格 | 已知問題 || Developer Community | System Requirements | Compatibility | Distributable Code | License Terms | Blogs | Known Issues |


按一下按鈕以下載最新版的 Visual Studio 2017。Click a button to download the latest version of Visual Studio 2017. 如需安裝和更新 Visual Studio 2017 的指示,請參閱將 Visual Studio 2017 更新至最新版本For instructions on installing and updating Visual Studio 2017, see Update Visual Studio 2017 to the most recent release. 此外,請參閱如何離線安裝上的指示。Also, see instructions on how to install offline.

請前往 visualstudio.com/downloads 頁面來下載其他 Visual Studio 2017 產品。Visit the visualstudio.com/downloads page to download other Visual Studio 2017 products.


15.9 中的新功能What's New in 15.9


Visual Studio 2017 15.9 版的版本Visual Studio 2017 version 15.9 Releases


重要

Visual Studio 2017 15.9 版資訊安全諮詢注意事項Visual Studio 2017 version 15.9 Security Advisory Notices


Release Notes Icon Visual Studio 2017 15.9.13 版Visual Studio 2017 version 15.9.13 New Release icon

2019 年 6 月 11 日發行 released on June 11, 2019

15.9.13 中修正的問題Issues Fixed in 15.9.13

15.9.13 中,解決了客戶回報的下列問題:These are the customer-reported issues addressed in 15.9.13:


Release Notes Icon Visual Studio 2017 15.9.12 版Visual Studio 2017 version 15.9.12

2019 年 5 月 14 日發行released on May 14, 2019

15.9.12 中修正的問題Issues Fixed in 15.9.12

下列客戶回報的問題在 15.9.12 已予解決:These are the customer-reported issues addressed in 15.9.12:

資訊安全諮詢注意事項Security Advisory Notices


Release Notes Icon Visual Studio 2017 15.9.11 版Visual Studio 2017 version 15.9.11

發行於 2019 年 4 月 2 日released on April 02, 2019

15.9.11 中已修正的問題Issues Fixed in 15.9.11

這些是 15.9.11 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.11:


Release Notes Icon Visual Studio 2017 15.9.10 版Visual Studio 2017 version 15.9.10

於 2019 年 3 月 25 日發行released on March 25, 2019

15.9.10 中已修正的問題Issues Fixed in 15.9.10

這些是 15.9.10 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.10:


Release Notes Icon Visual Studio 2017 15.9.9 版Visual Studio 2017 version 15.9.9

於 2019 年 3 月 12 日發行released on March 12, 2019

15.9.9 中已修正的問題Issues Fixed in 15.9.9

這些是 15.9.9 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.9:

資訊安全諮詢注意事項Security Advisory Notices


Release Notes Icon Visual Studio 2017 15.9.8 版Visual Studio 2017 version 15.9.8

於 2019 年 3 月 5 日發行 released on March 05, 2019

15.9.8 中已修正的問題Issues Fixed in 15.9.8

這些是 15.9.8 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.8:


Release Notes Icon Visual Studio 2017 15.9.7 版Visual Studio 2017 version 15.9.7

發行於 2019 年 2 月 12 日released on February 12, 2019

15.9.7 中已修正的問題Issues Fixed in 15.9.7

這些是 15.9.7 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.7:

資訊安全諮詢注意事項Security Advisory Notices


Release Notes Icon Visual Studio 2017 15.9.6 版Visual Studio 2017 version 15.9.6

發行於 2019 年 1 月 24 日released on January 24, 2019

15.9.6 中已修正的問題Issues Fixed in 15.9.6

這些是 15.9.6 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.6:


Release Notes Icon Visual Studio 2017 15.9.5 版Visual Studio 2017 version 15.9.5

發行於 2019 年 1 月 8 日released on January 08, 2019

15.9.5 中修正的問題Issues Fixed in 15.9.5

這些是 15.9.5 中解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.5:

資訊安全諮詢注意事項Security Advisory Notices


Release Notes Icon Visual Studio 2017 15.9.4 版Visual Studio 2017 version 15.9.4

發行於 2018 年 12 月 11 日released on December 11, 2018

15.9.4 中已修正的問題Issues Fixed in 15.9.4

這些是 15.9.4 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.4:

資訊安全諮詢注意事項Security Advisory Notices


Release Notes Icon Visual Studio 2017 15.9.3 版Visual Studio 2017 version 15.9.3

發行於 2018 年 11 月 28 日released on November 28, 2018

15.9.3 中已修正的問題Issues Fixed in 15.9.3

這些是 15.9.3 中已解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.3:


Release Notes Icon Visual Studio 2017 15.9.2 版本Visual Studio 2017 version 15.9.2

發行於 2018 年 11 月 19 日released on November 19, 2018

15.9.2 中修正的問題Issues Fixed in 15.9.2

這些是 15.9.2 中解決的客戶回報問題:These are the customer-reported issues addressed in 15.9.2:


Release Notes Icon Visual Studio 2017 15.9.1 版Visual Studio 2017 version 15.9.1

發行於 2018 年 11 月 15 日released on November 15, 2018

15.9.1 中修正的問題Issues Fixed in 15.9.1

這些是 15.9.1 中已解決的問題:These are the issues addressed in 15.9.1:

  • 修正了 Visual Studio 無法使用 Microsoft Xbox One XDK 建置專案的 Bug。Fixed a bug where Visual Studio would fail to build projects using the Microsoft Xbox One XDK.

15.9.1 中新功能的詳細資料Details of What's New in 15.9.1

通用 Windows 平台開發 SDKUniversal Windows Platform Development SDK

Windows 10 October 2018 Update SDK (組建 17763) 現在是通用 Windows 平台開發工作負載預設選取的 SDK。The Windows 10 October 2018 Update SDK (build 17763) is now the default selected SDK for the Universal Windows Platform development workload.


15.9 中值得注意的新功能摘要Summary of Notable New Features in 15.9

15.9 中已修正的常見問題Top Issues Fixed in 15.9

請查看 Visual Studio 2017 15.9 版中所有已修正的客戶回報問題。See all customer-reported issues fixed in Visual Studio 2017 version 15.9.

The Developer Community Portal


15.9 中新功能的詳細資料Details of What's New in 15.9

Release Notes Icon Visual Studio 2017 15.9.0 版Visual Studio 2017 version 15.9.0

發行於 2018 年 11 月 13 日released on November 13, 2018

15.9 中的新功能New Features in 15.9

安裝Install

我們讓您能輕鬆讓您的安裝設定在不同的 Visual Studio 安裝中都一致。We made it easier to keep your installation settings consistent across multiple installations of Visual Studio. 您現在可以使用 Visual Studio 安裝程式未指定的 Visual Studio 執行個體匯出 .vsconfig 檔案。You can now use the Visual Studio Installer to export a .vsconfig file for a given instance of Visual Studio. 此檔案將包含您已安裝哪些工作負載與元件的相關資訊。This file will contain information about what workloads and components you have installed. 您可以接著匯入此檔案以將這些工作負載與元件選擇新增到另一個 Visual Studio 安裝。You can then import this file to add these workload and component selections to another installation of Visual Studio.

偵錯Debugging

我們新增了取用全新可攜式 Pdb 符號套件格式 (.snupkg) 的支援。We have added support for consuming the new portable-pdb based symbol package format (.snupkg). 我們新增了工具,讓您能更輕鬆地取用及管理來自 NuGet.org 符號伺服器等來源的符號套件We have added tooling to make it easy to consume and manage these symbol packages from sources like the NuGet.org symbol server.

C++C++

  • 我們已在 Visual Studio Enterprise Edition 中為 C++ 新增偵錯工具的「倒退」功能We've added the "step back" feature in the debugger for C++ in the Visual Studio Enterprise Edition. 倒退可讓您即時倒退以檢視您應用程式在先前時間點的狀態。Step back enables you to go back in time to view the state of your application at a previous point in time.
  • C++ IntelliSense 現在會針對以 Linux 為目標的 CMake 和 MSBuild 專案,回應遠端環境中的變更。C++ IntelliSense now responds to changes in the remote environment for both CMake and MSBuild projects targeting Linux. 當您安裝新的程式庫或變更您的 CMake 專案時,C++ IntelliSense 會自動剖析遠端電腦上的新標頭檔案,讓您取得完整且順暢的 C++ 編輯體驗。As you install new libraries or change your CMake projects, C++ IntelliSense will automatically parse the new headers files on the remote machine for a complete and seamless C++ editing experience.
  • 我們已更新 UWP 傳統型橋接器架構套件 (適用於所有支援的架構,包括 ARM64),以符合 Windows Store 的最新版。We've updated the UWP Desktop Bridge framework packages to match the latest in the Windows Store for all supported architectures, including ARM64.
  • 除了修正 60 個封鎖的 Bug 之外,我們還新增了以 MSVC 15.9 編譯器使用 range-v3 程式庫的支援,您可透過指定 /std:c++17 /permissive- 來利用該程式庫。In addition to fixing 60 blocking bugs, we have added support for the range-v3 library with the MSVC 15.9 compiler, available under /std:c++17 /permissive-.
  • Visual Studio 中的零售 VCLibs 架構套件已更新,以符合 UWP 存放區中的最新可用版本。The retail VCLibs framework package in Visual Studio has been updated to match the latest available version in the UWP Store.
  • 完整支援現在適用於 ARM64 C++ 原生桌面案例,包括 VC++ 2017 可轉散發套件。Full support is now available for ARM64 C++ Native Desktop scenarios, including VC++ 2017 Redistributable.
  • 我們已在 C++17 的 charconv 標頭中實作浮點 to_chars() 的最短來回十進位多載。We implemented the shortest round-trip decimal overloads of floating-point to_chars() in C++17's charconv header. 針對科學記號標記法,浮點數的速度大約是 sprintf_s() "%.8e" 的 10 倍快,雙精度浮點數的速度則是 sprintf_s() "%.16e" 的 30 倍快。For scientific notation, it is approximately 10x as fast as sprintf_s() "%.8e" for floats, and 30x as fast as sprintf_s() "%.16e" for doubles. 這會使用 Ulf Adams 的新演算法 Ryu。This uses Ulf Adams' new algorithm, Ryu.
  • 可以在這裡找到 Visual C++ 編譯器標準相容性改善的清單,這可能需要嚴格相容性模式中的來源變更。A list of improvements to the standards conformance of the Visual C++ compiler, which potentially require source changes in strict conformance mode, can be found here.
  • 我們已將 C++ 編譯器 /Gm 切換參數設定為過時。We have deprecated the C++ Compiler /Gm switch. 若已明確定義用 /Gm 切換參數,請考慮將它從您的建置指令碼移除。Consider disabling the /Gm switch in your build scripts if it's explicitly defined. 或者,您也可以安全地忽略 /Gm 的過時警告,因為當使用 [將警告視為錯誤] (/WX) 時不會將它視為錯誤。Alternatively, you can also safely ignore the deprecation warning for /Gm as it will not be treated as error when using "Treat warnings as errors" (/WX).

F#F#

F# 編譯器F# Compiler

  • 我們已對使用 byref 值的擴充方法可能會變動不可變值予以修正。We fixed a bug where extension methods that take byref values could mutate an immutable value.
  • 我們已改善 byref/inref/outref 上多載的編譯器錯誤資訊,而不是顯示先前不明的錯誤。We improved the compile error information for overloads on byref/inref/outref, rather than displaying the previously obscure error.
  • 目前完全禁止 byref 上的選擇性類型延伸模組。Optional Type Extensions on byrefs are now disallowed entirely. 這些延伸模組之前可能已宣告,但無法使用,因而導致令人困惑的使用者體驗。They could be declared previously, but were unusable, resulting in a confusing user experience.
  • 我們已修正結構元組上的 CompareTo 和造成具有別名結構元組的類型等價會導致執行階段例外狀況的 Bug。We fixed a bug where CompareTo on a struct tuple and causing a type equivalence with an aliased struct tuple would result in a runtime exception.
  • 我們已修正在撰寫 .NET Standard 型別提供者的內容中使用 System.Void 時,可能於設計階段找不到 System.Void 類型的 Bug。We fixed a bug where use of System.Void in the context of authoring a Type Provider for .NET Standard could fail to find the System.Void type at design-time.
  • 我們已修正部分套用的差別聯集建構函式與差別聯集的標註或推斷類型不相符時,可能會發生內部錯誤的 Bug。We fixed a bug where an internal error could occur when a partially applied Discriminated Union constructor is mismatched with an annotated or inferred type for the Discriminated Union.
  • 我們已修改嘗試取得運算式位址 (例如存取屬性) 時的編譯器錯誤訊息,更清楚地表示其違反了 byref 類型的範圍規則。We modified the compiler error message when attempting to take an address of an expression (such as accessing a property) to make it more clear that it violates scoping rules for byref types.
  • 我們已修正將 byref 類型部分套用至方法或函式時,您的程式可能會在執行階段損毀的 Bug。We fixed a bug where your program could crash at runtime when partially applying a byref type to a method or function. 現在會顯示一則錯誤訊息。An error message will now display.
  • 我們已修正 byref 和參考型別 (例如 byref<int> option) 的無效組合會在執行階段失敗,且不會發出錯誤訊息的問題。We fixed an issue where an invalid combination of a byref and a reference type (such as byref<int> option) would fail at runtime and not emit an error message. 我們現在會發出錯誤訊息。We now emit an error message.

F# 工具F# Tools

  • 我們已解決使用 .NET Core SDK 所建置 F# 組件中繼資料不會顯示在 Windows 檔案屬性中的問題。We resolved an issue where metadata for F# assemblies built with the .NET Core SDK was not shown in file properties on Windows. 現在,只要以滑鼠右鍵按一下 Windows 上的組件,並選取 [屬性] ,就可以看到此中繼資料。You can now see this metadata by right-clicking an assembly on Windows and selecting Properties.
  • 我們已修正在 F# 來源中使用 module global 可能導致 Visual Studio 沒有回應的 Bug。We fixed a bug where use of module global in F# source could cause Visual Studio to become unresponsive.
  • 我們已修正使用 inref<'T> 的擴充方法不會顯示在完成清單中的 Bug。We fixed a bug where extension methods using inref<'T> would not show in completion lists.
  • 我們已修正 .NET Framework F# 專案的 [專案屬性] 中 TargetFramework 下拉式清單為空白的 Bug。We fixed a bug where the TargetFramework dropdown in Project Properties for .NET Framework F# projects was empty.
  • 我們已修正建立以 .NET Framework 4.0 為目標之新 F# 專案將會失敗的 Bug。We fixed a bug where creating a new F# project targeting .NET Framework 4.0 would fail.

F# 開放原始碼存放庫F# Open Source Repository

VisualFSharpFull 專案現已設定為預設啟始專案,而不必在偵錯之前以手動方式進行設定。The VisualFSharpFull project is now set as the default startup project, eliminating the need to manually set that before debugging. 謝謝您,Robert JeppesenThanks, Robert Jeppesen!

JavaScript 與 TypeScript 語言服務支援JavaScript and TypeScript Language Service Support

  • 我們已加入重構,以修正檔案重新命名後的檔案參考。We added refactoring to fix up references to a file after it has been renamed. 我們也加入對專案參考的支援,讓您可以將 TypeScript 專案分割為參考彼此的不同組建。We also added support for project references, letting you split your TypeScript project up into separate builds that reference each other.
  • 我們已更新最新的 Vue CLI 3.0 並改善 Vue.js 範本檔案中的 linting。We updated to the latest Vue CLI 3.0 and improved linting in Vue.js template files. 您也可以使用 Jest 架構來撰寫及執行單元測試。You can also write and run unit tests using the Jest framework.
  • 我們已新增對 TypeScript 3.1 的支援。We have added support for TypeScript 3.1.

SharePoint 2019 支援SharePoint 2019 Support

新增了可以讓您建立 SharePoint 2019 專案的範本。We added new templates that allow you to create projects for SharePoint 2019. 您可以將現有的 SharePoint 專案從 SharePoint 2013 及 SharePoint 2016 移轉到新的專案範本。You will have the ability to migrate existing SharePoint projects from both SharePoint 2013 and SharePoint 2016 to the new project template.

Visual Studio Tools for XamarinVisual Studio Tools for Xamarin

Visual Studio Tools for Xamarin 現在支援 Xcode 10,可讓您建置 iOS 12、tvOS 12 與 watchOS 5 應用程式並進行偵錯。Visual Studio Tools for Xamarin now supports Xcode 10, which allows you to build and debug apps for iOS 12, tvOS 12, and watchOS 5. 請參閱如何針對 iOS 12 做準備我們的 iOS 12 簡介,以取得可用新功能的詳細資料。See how to get ready for iOS 12and our introduction to iOS 12for more details on the new features available.

初始 Xamarin.Android 建置效能改良Initial Xamarin.Android Build Performance Improvements

Xamarin.Android 9.1 包括初始建置效能改良Xamarin.Android 9.1 includes initial build performance improvements. 請參閱我們的 Xamarin.Android 15.8 與15.9 建置效能比較以取得詳細資訊。See our Xamarin.Android 15.8 vs. 15.9 build performance comparison for more details.

通用 Windows 平台開發人員工具Tools for Universal Windows Platform Developers

  • 最新的 Windows 10 SDK (組建 17763) 已包含作為通用 Windows 平台開發工作負載的選擇性元件。The latest Windows 10 SDK (build 17763) is included as an optional component in the Universal Windows Platform development Workload.
  • 我們已加入為通用 Windows 平台專案與 Windows 應用程式封裝專案範本建立 建立 .MSIX 套件的支援。We added support for creating .MSIX packages for both the Universal Windows Platform projects, as well as in the Windows Application Packaging Project template. 若要建立 .MSIX 套件,您應用程式的最低版本必須是最新 Windows 10 SDK (組建 17763)。To create an .MSIX package, the minimum version of your application must be the latest Windows 10 SDK (build 17763).
  • 您現在可以建置 ARM64 UWP 應用程式。You can now build ARM64 UWP applications. 針對 .NET UWP 應用程式,只有 .NET Native 才支援 ARM64M,而且您必須將應用程式的「最低版本」設定 Fall Creators Update (Build 16299) 或更高版本。For .NET UWP applications, only .NET Native is supported for ARM64, and you must set the Minimum Version of your application to the Fall Creators Update (Build 16299) or higher.
  • 我們已改進通用 Windows 平台應用程式的 F5 (建置+部署) 速度。We made improvements to the F5 (Build + Deploy) speed for Universal Windows Platform applications. 使用 Windows 驗證部署到遠端目標時最能發現這個改進,但也會影響所有其他部署。This will be most noticeable for deployments to remote targets using Windows authentication, but will impact all other deployments as well.
  • 建置以 Windows 10 Fall Creators Update (組建 16299) 或更新版本為目標的 UWP 應用程式時,開發人員現在可以在使用 XAML 設計工具時,選擇指定控制項顯示選項Developers now have the option to specify Control Display Options when using the XAML Designer while building UWP applications targeting the Windows 10 Fall Creators Update (build 16299) or later. 選取 [僅顯示平台控制項] 可防止設計工具執行任何自訂控制程式碼,以改善設計工具的可靠性。Selecting "Only Display Platform Controls" prevents the designer from executing any custom control code to improve reliability of the designer.
  • XAML 設計工具現在會以後援控制項自動取代隨著可偵測之例外狀況擲回的控制項,而非讓設計工具當掉。The XAML designer now automatically replaces controls that throw with catchable exceptions with fallback controls, rather than having the designer crash. 後援控制項現在具有黃色的邊框,讓開發人員知道該控制項已在設計階段被取代。Fallback controls have a yellow border to cue in developers that the control has been replaced at design time.
  • Windows 應用程式封裝專案現在支援使用核心 CLR 偵錯工具類型的偵錯背景處理序。The Windows Application Packaging project now supports debugging background process using the Core CLR debugger type.

NuGetNuGet

NuGet 認證提供者改善NuGet Credential Provider Improvements

此版本大幅改善已驗證套件摘要的使用體驗,特別適用於 Mac 和 Linux 使用者:This release substantially improves the experience of using authenticated package feeds, especially for Mac and Linux users:

  • Visual Studio、MSBuild、NuGet.exe 和 .NET 現在支援新認證提供者外掛程式介面,該介面可由 Azure Artifacts 等私用套件主機實作。Visual Studio, MSBuild, NuGet.exe, and .NET now support a new Credential Provider plugin interface, which can be implemented by private package hosts like Azure Artifacts. 之前只有 NuGet.exe 和 Visual Studio 接受認證提供者。Previously, only NuGet.exe and Visual Studio accepted Credential Providers.
  • Visual Studio 版本 (包含 Build Tools 版本) 現在以特定工作負載提供 Azure Artifacts 認證提供者,因此您可以在開發過程中輕鬆使用 Azure Artifacts 摘要。Visual Studio editions (including the Build Tools edition) now deliver the Azure Artifacts Credential Provider with certain workloads, so that you can easily use Azure Artifacts feeds in the course of your development. 若要使用這些改善功能,請安裝「NuGet 套件管理員」 或「NuGet 目標和建置工作」 元件,或是 .NET Core 工作負載。To use these improvements, install the NuGet package manager or NuGet targets and build tasks components, or the .NET Core workload.

NuGet 套件管理員改善NuGet Package Manager Improvements

  • NuGet 現可鎖定 PackageReference 型專案的完整套件閉包,使重複還原套件變得可行。NuGet now enables locking the full package closure of PackageReference based projects, thereby enabling repeatable restore of packages.
  • Visual Studio NuGet 套件管理員 UI,現在會顯示使用新授權格式的套件授權資訊。The Visual Studio NuGet package manager UI now surfaces the license information for packages that use the new license format. 新的授權格式會以 SPDX 運算式或授權檔案格式,嵌入授權資訊,作為套件的一部分。The new license format embeds the license information as part of the package in the form of an SPDX expression or a license file.

NuGet 安全性NuGet Security

我們引進了 NuGet 用戶端原則,這可讓您設定套件安全性條件約束。We have introduced NuGet Client Policies which allow you to configure package security constraints. 這表示您可以鎖定環境,因此只有受信任的套件才能安裝:This means you can lock down environments so only trusted packages can be installed by:

  • 不允許安裝未簽署的套件。Disallowing the installation of unsigned packages.
  • 根據作者簽章定義受信任的簽署者清單。Defining a list of trusted signers based on the author signature.
  • 根據存放庫簽章中的中繼資料,定義受信任的 NuGet.org 套件擁有者清單。Defining a list of trusted NuGet.org package owners based on the metadata in the repository signature.

適用於 Visual Studio 的 .NET Core 工具.NET Core Tools for Visual Studio

從這個版本開始,適用於 Visual Studio 的 .NET Core 工具現在預設為只使用最新穩定版本的 .NET Core SDK,這是針對 Visual Studio 的 GA 版本安裝在電腦上的 SDK 版本。Starting with this release, the .NET Core tools for Visual Studio will now default to using only the latest stable version of a .NET Core SDK that is installed on your machine for GA releases of Visual Studio. 針對後續的預覽版,這些工具只會使用預覽版的 .NET Core SDK。For future previews, the tools will use only preview .NET Core SDKs.


Release Notes Icon Visual Studio 2017 15.9 版資訊安全諮詢注意事項Visual Studio 2017 version 15.9 Security Advisory Notices

Visual Studio 2017 15.9.12 版服務版本 -- 2019 年 5 月 14 日發行Visual Studio 2017 version 15.9.12 Service Release -- released on May 14, 2019 New Release icon

CVE-2019-0727 診斷中樞標準收集器服務權限提高弱點CVE-2019-0727 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

當診斷中樞標準收集器服務不當地處理某些檔案作業時,會引發權限提高弱點。An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly performs certain file operations. 惡意攻擊此弱點成功的攻擊者,將能刪除任意位置上的檔案。An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. 若要探索此弱點,攻擊者需要易受攻擊系統的無特殊權限存取權。To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. 此安全性更新藉由保護診斷中樞標準收集器執行檔案作業的所在位置來解決此弱點。The security update addresses the vulnerability by securing locations the Diagnostics Hub Standard Collector performs file operations in.

Visual Studio 2017 15.9.9 版服務版本 -- 發行於 2019 年 3 月 12 日Visual Studio 2017 version 15.9.9 Service Release -- released on March 12, 2019

CVE-2019-0809 Visual Studio 遠端程式碼執行弱點CVE-2019-0809 Visual Studio Remote Code Execution Vulnerability

當 Visual Studio C ++ 可轉散發安裝程式未在載入動態連結程式庫 (DLL) 檔案正確驗證輸入時,會存在遠端執行程式碼弱點。A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files. 成功惡意探索弱點的攻擊者,可以在目前使用者的內容中執行任意程式碼。An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the current user. 帳戶設定為具有較少使用者權限的使用者,與使用系統管理使用者權限的使用者相比,所受的影響可能較小。Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 為了惡意探索這項弱點,攻擊者必須將惡意 DLL 放在本機系統,並引誘使用者執行特定的可執行檔。To exploit the vulnerability, an attacker must place a malicious DLL on a local system and convince a user to execute a specific executable. 此安全性更新會藉由更正 Visual Studio C ++ 可轉散發安裝程式在載入 DLL 檔案之前驗證輸入的方式,來解決弱點。The security update addresses the vulnerability by correcting how the Visual Studio C++ Redistributable Installer validates input before loading DLL files.

CVE-2019-9197 Unity Editor 遠端程式碼執行弱點CVE-2019-9197 Unity Editor Remote Code Execution Vulnerability

Unity Editor 中存在遠端執行程式碼弱點,其為 Visual Studio 提供的協力廠商軟體,可作為使用 Unity 工作負載之遊戲開發的一部分來進行安裝。A remote code execution vulnerability exists in the Unity Editor, a 3rd party software that Visual Studio offers to install as part of the Game Development with Unity workload. 如果您已從 Visual Studio 安裝 Unity,請務必將您所使用 Unity 版本更新為可解決此弱點的版本,如 CVE 中所述。If you've installed Unity from Visual Studio, please make sure to update the version of Unity you're using to a version that addresses the vulnerability as described in the CVE. Visual Studio 安裝程式已更新,可提供能解決此弱點的 Unity Editor 版本並進行安裝。The Visual Studio installer has been updated to offer to install a Unity Editor version which addresses the vulnerability.

CVE-2019-0757 .NET Core NuGet 竄改弱點CVE-2019-0757 .NET Core NuGet Tampering Vulnerability

在 Linux或 Mac 環境執行時,NuGet 軟體會存在篡改弱點。A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. 成功惡意探索弱點的攻擊者可以在目前使用者的內容中執行任意程式碼。An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 若目前使用者使用系統管理使用者權限登入,攻擊者可以控制受影響的系統。If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 攻擊者接著可以完整的使用者權限安裝程式、檢視變更、刪除資料或建立新的帳戶。An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 帳戶設定為具有較少使用者權限的使用者,與使用系統管理使用者權限的使用者相比,所受的影響可能較小。Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 若要利用此弱點,攻擊者需要能夠像任何其他使用者一樣登入該電腦。Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. 屆時,攻擊者將能夠取代或新增由目前使用者帳戶中 NuGet 還原作業所建立的檔案。At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.

.NET Core 更新已在今天發行,並包含在此 Visual Studio 更新中。.NET Core updates have released today and are included in this Visual Studio update. 此安全性更新會更正 NuGet 還原為擷取至用戶端電腦之所有檔案建立檔案權限的方式,藉以解決弱點。The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine. 您可以在 .NET Core 版本資訊中查看此套件的詳細資料。Details about the packages can be found in the .NET Core release notes.

Visual Studio 2017 15.9.7 版服務版本 - 發行於 2019 年 2 月 12 日Visual Studio 2017 version 15.9.7 Service Release -- released on February 12, 2019

CVE-2019-0613 WorkflowDesigner XOML 還原序列化允許程式碼執行CVE-2019-0613 WorkflowDesigner XOML deserialization allows code execution

參考特定類型的 XOML 檔案可能會導致在 Visual Studio 中開啟 XOML 檔案時執行隨機程式碼。A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. 對於在 XOML 檔案中允許使用的類型,現在有所限制。There is now a restriction on what types are allowed to be used in XOML files. 如果開啟包含新未授權類型的 XOML 檔案,則會顯示訊息說明該類型未經授權。If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.

如果已知正在開啟的 XOML 檔案不會造成安全性問題,您可以將金鑰新增至 devenv.exe.config 檔案的 <appSettings> 區段,以停用針對未授權類型的檢查,如下所示:If it is known that the XOML file being opened does not cause security issues, you can disable the check for unauthorized types by adding a key to the <appSettings> section of the devenv.exe.config file as follows:

<appSettings>
  <add key="microsoft:WorkflowComponentModel:DisableXOMLSerializerTypeChecking" value="true"/>
</appSettings>

此 appSetting 值會完全停用 XOML 序列化程式中的類型檢查。This appSetting value completely disables the type checking in the XOML serializer. 如果此值為"true",則其優先順序高於其他新的 appSetting。If this value is "true", it takes precedence over the other new appSetting.

如果您僅希望禁止某些特定類型但允許所有其他類型,您需要對 devenv.exe.config 檔案進行下列變更:If you only want to disallow a few specific types, but allow all other types, your need to make the following changes to your devenv.exe.config file:

<appSettings>
  <add key="microsoft:WorkflowComponentModel:DisableXOMLSerializerDefaultUnauthorizedTypes" value="true"/>
</appSettings>

此操作可讓所有類型都預設為未經授權。This will allow all of the types are were unauthorized by default. 若要將特定類型標示為未經授權,您也必須將這些變更新增至 devenv.exe.config 檔案:To mark specific types as unauthorized you must also add these changes to the devenv.exe.config file:

<configuration>
...
  <configSections>
    <sectionGroup name="System.Workflow.ComponentModel.WorkflowCompiler" type="System.Workflow.ComponentModel.Compiler.WorkflowCompilerConfigurationSectionGroup, System.Workflow.ComponentModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
      <section name="authorizedTypes" type="System.Workflow.ComponentModel.Compiler.AuthorizedTypesSectionHandler, System.Workflow.ComponentModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    </sectionGroup>
  </configSections>
...
  <System.Workflow.ComponentModel.WorkflowCompiler>
    <authorizedTypes>
      <foo version="v4.0">
        <authorizedType Assembly="System.Activities.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Namespace="System.Activities.Presentation" TypeName="WorkflowDesigner" Authorized="false"/>
      </foo>
    </authorizedTypes>
  </System.Workflow.ComponentModel.WorkflowCompiler>
...
</configuration>

上述變更只會將組件 System.Activities.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 中的 System.Activities.Presentation.WorkflowDesigner 類型標示為未經授權。The above changes will only mark the type System.Activities.Presentation.WorkflowDesigner in the assembly System.Activities.Presentation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 as unauthorized. 若要將其他類型標記為未經授權,請為那些其他類型新增類似項目。To mark other types as unauthorized add similar entries for those other types.

CVE-2019-0657 .NET framework 和 Visual Studio 詐騙弱點CVE-2019-0657 .NET Framework and Visual Studio Spoofing Vulnerability

.NET Core 更新已在今天發行,並包含在此 Visual Studio 更新中。.NET Core updates have released today and are included in this Visual Studio update. 此版本解決安全性和其他重要問題。This release addresses security and other important issues. 您可以在 .NET Core 版本資訊中查看詳細資料。Details can be found in the .NET Core release notes.

Visual Studio 2017 15.9.5 版服務版本 - 發行於 2018 年 1 月 8 日Visual Studio 2017 version 15.9.5 Service Release -- released on January 08, 2018

CVE-2019-0546 Visual Studio 遠端程式碼執行弱點CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability

當 C++ 編譯器不適當地處理 C++ 建構的特定組合時,Visual Studio 中就會存在遠端程式碼執行弱點。A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs. 成功惡意探索弱點的攻擊者可以在目前使用者的內容中執行任意程式碼。An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 若目前使用者使用系統管理使用者權限登入,攻擊者可以控制受影響的系統。If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 攻擊者接著可以完整的使用者權限安裝程式、檢視變更、刪除資料或建立新的帳戶。An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 帳戶設定為具有較少使用者權限的使用者,與使用系統管理使用者權限的使用者相比,所受的影響可能較小。Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 安全性更新會透過更正 Visual Studio C++ 編譯器處理特定 C++ 建構的方式來消除弱點。The security update addresses the vulnerability by correcting how the Visual Studio C++ compiler handles certain C++ constructs.

Visual Studio 2017 15.9.4 版服務版本 -- 發行於2018 年 12 月 11 日Visual Studio 2017 version 15.9.4 Service Release -- released on December 11, 2018

CVE-2018-8599 診斷中樞標準收集器服務權限提高弱點CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

當「診斷中樞標準收集器服務」不適當地處理特定作業時造成的權限提高弱點。An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles certain file operations. 成功探索此弱點的攻擊者可以取得提高的權限。An attacker who successfully exploited this vulnerability could gain elevated privileges. 若要探索此弱點,攻擊者需要易受攻擊系統的無特殊權限存取權。To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. 此安全性更新透過確定「診斷中樞標準收集器服務」適當地模擬檔案作業來去除弱點。The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Services properly impersonates file operations.


已修正的問題Fixed Issues

請查看 Visual Studio 2017 15.9 版中所有已修正的客戶回報問題。See all customer-reported issues fixed in Visual Studio 2017 version 15.9.

The Developer Community Portal


已知問題Known Issues

查看 Visual Studio 2017 15.9 版中所有現有的已知問題和可用的因應措施。See all existing known issues and available workarounds in Visual Studio 2017 version 15.9.

Visual Studio 2017 Known Issues


意見反應Feedback

我們很希望聽聽您的意見!We would love to hear from you! 若有任何問題,請透過安裝程式或 Visual Studio IDE 本身右上角的回報問題選項來通知我們。For issues, let us know through the Report a Problem option in the upper right-hand corner of either the installer or the Visual Studio IDE itself. 必須提供The Feedback Icon 圖示位在右上角。icon is located in the upper right-hand corner. 您可以在 Visual Studio 開發人員社群中提出產品建議或追蹤您的問題,也可以提出問題、尋找解答及提議新功能。You can make a product suggestion or track your issues in the Visual Studio Developer Community, where you can ask questions, find answers, and propose new features. 您也可以透過我們的即時聊天支援取得免費的安裝協助。You can also get free installation help through our Live Chat support.


部落格Blogs

善用「開發人員工具部落格」網站中的見解與建議,讓您能夠隨時取得所有新版本的最新資訊,以及涵蓋各類功能的深入探討文章。Take advantage of the insights and recommendations available in the Developer Tools Blogs site to keep you up-to-date on all new releases and include deep dive posts on a broad range of features.

Developer Tools Blogs


Visual Studio 2017 版本資訊記錄Visual Studio 2017 Release Notes History

如需舊版 Visual Studio 2017 的詳細資訊,請參閱 Visual Studio 2017 版本資訊歷程記錄頁面。For more information relating to past versions of Visual Studio 2017, see the Visual Studio 2017 Release Notes History page.


頁首
Top of Page