
[Last Week in .NET #105] – A tale of two CVEs

source link: https://georgestocker.com/2022/10/17/last-week-in-net-105-a-tale-of-two-cves/

Releases, CVEs, and a look into The Last Of Us’s Breathing System as a programming marvel. Let’s get into it.

.NET Core 3.1.30, .NET 6.0.10 and .NET 7 RC 2 are out. On the .NET 3.1 and .NET 6 side, they’re patching a privilege escalation CVE (CVE-2022-41032); interestingly enough, this also affects NuGet. As security releases too often are, this one is mum on the details because there’s no way that showing users how vulnerabilities work is a good thing. It’s best if that’s kept to as few eyes as possible, because if people were to be educated, what would happen? Chaos. They also list a CVE fix for .NET 7 RC 2, but they don’t list the same CVE, even though they copied and pasted the text from one release announcement to the other. Apparently that CVE for .NET 7 RC 2 that’s fixed is CVE-2022-38013 (though again, I wonder if that isn’t a transposition error). 🏴


The Breathing System in The Last Of Us shows off how programming is (as Jeff Atwood put it) getting millions of tiny details right. You never think of breathing being complicated; after all, you’re doing it right now. But try to program it, and suddenly a whole bunch of little details have to be figured out. This is a great thread showing the wonder of modern game programming. Don’t forget part 2. ✌


Marten and Friends Hopefully Big Future: So Marten is a DocumentDB built on top of Postgresql; and Jasper (now rebranded as Wolverine) is a Message Bus for .NET. Long story short is that they’re working on commercializing and improving the story behind .NET CQRS/Event Sourcing/Distributed Frameworks; and I’m here for it. On the one side you have the extremely buttoned-up and corporate Orleans or Dapr, and on the other hand you have the people who make this a non-monolithic ecosystem. 🚧


With the new .NET 7 RC 2 release there were updates to ASP.NET Core including caching improvements and authentication diagnostics with Blazor and WebAssembly. 🆕


Terminal.Gui made the front page of the Orange Site, and it’s nice to see C# get some love. Special thanks to @ckindel for the mention. 👏


And finally, Jeremy Sinclair has a twitter thread on source generated Regex improvements (that’s a lot to type) in .NET 7 worth your time to read. Do you want to make Regexes fast? Now you only have two problems. (Also, it’s pronounced regex, not regex). 🤷‍♀️


And that’s it for what I found last week in .NET. If you like internet shout-outs or sharing your favorite .NET (or let’s be real, Microsoft) content, send it my way @gortok on twitter, or if you’re getting this through email, hit reply. See you next week.


Author: geostock. Posted on October 17, 2022.

