[automated] Merge branch 'release/9.0' => 'release/9.0-staging'#128153
Merged
svick merged 18 commits intoMay 13, 2026
Conversation
…edAttributes size in TarHeader Adds check for the "size" attribute in the ExdendedAttributes section of a tar file to prevent infinite loop with negative size. Follows the same throw logic for TarHeader's size. The negative sized tar file cannot be reproduced using .NET, hence the lack of tests. ---- #### AI description (iteration 1) #### PR Classification Bug fix to add validation for negative size values in TAR extended attributes. #### PR Summary Adds a safety check to prevent negative size values when reading TAR extended attributes from the PaxEaSize field, throwing an `InvalidDataException` if a negative size is encountered. - `TarHeader.Read.cs`: Added validation to check if the extended attributes size is negative before assignment, throwing `InvalidDataException` with `TarSizeFieldNegative` error message if true. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
Fix Windows tar vulnerability that allows creating a symlink to a file (and only a file, not a directory) to anywhere on the same drive where the tar is extracted. ---- #### AI description (iteration 1) #### PR Classification Bug fix to address incorrect symlink validation on Windows when extracting tar files with rooted paths. #### PR Summary Fixes symlink path validation in tar extraction on Windows by replacing `Path.IsPathFullyQualified` with `Path.IsPathRooted` and adding `Path.GetFullPath` calls to properly detect and reject symlinks pointing outside the destination directory. - `TarEntry.cs`: Changed symlink validation logic from `Path.IsPathFullyQualified` to `Path.IsPathRooted` with `Path.GetFullPath` for both entry names and link targets to correctly identify rooted paths on Windows - `TarFile.ExtractToDirectory.File.Tests.Windows.cs`: Added test case `ExtractToDirectory_RejectsSymlinkWithRootedTargetOutsideDestination` to verify symlinks with rooted targets outside the destination are properly rejected <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
…hannelVersion 2.4.18 Updated Versions.props - MicrosoftNativeQuicMsQuicSchannelVersion 2.4.18 ---- #### AI description (iteration 1) #### PR Classification Dependency version update to upgrade the MsQuic Schannel package from version 2.4.17 to 2.4.18. #### PR Summary This pull request updates the MsQuic Schannel dependency to a newer patch version. - `/eng/Versions.props`: Updated `MicrosoftNativeQuicMsQuicSchannelVersion` from 2.4.17 to 2.4.18 <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
…-merge-9.0-2026-05-12-1247
This pull request updates the following dependencies [marker]: <> (Begin:f85f62c8-5e7d-4706-1003-08dcbc30275f) ## From https://github.com/dotnet/emsdk - **Subscription**: [f85f62c8-5e7d-4706-1003-08dcbc30275f](https://maestro.dot.net/subscriptions?search=f85f62c8-5e7d-4706-1003-08dcbc30275f) - **Build**: [20260508.3](https://dev.azure.com/dnceng/internal/_build/results?buildId=2970290) ([313592](https://maestro.dot.net/channel/3883/github:dotnet:emsdk/build/313592)) - **Date Produced**: May 8, 2026 12:57:27 PM UTC - **Commit**: [b634e009d59f72e9254f984a6b89e685955e0eb8](dotnet/emsdk@b634e00) - **Branch**: [release/9.0](https://github.com/dotnet/emsdk/tree/release/9.0) [DependencyUpdate]: <> (Begin) - **Dependency Updates**: - From [9.0.16-servicing.26221.3 to 9.0.17-servicing.26258.3][4] - Microsoft.SourceBuild.Intermediate.emsdk - Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport - From [9.0.16 to 9.0.17][4] - Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100 [4]: dotnet/emsdk@e2909c0...b634e00 [DependencyUpdate]: <> (End) [marker]: <> (End:f85f62c8-5e7d-4706-1003-08dcbc30275f) [marker]: <> (Begin:Coherency Updates) ## Coherency Updates The following updates ensure that dependencies with a *CoherentParentDependency* attribute were produced in a build used as input to the parent dependency's build. See [Dependency Description Format](https://github.com/dotnet/arcade/blob/master/Documentation/DependencyDescriptionFormat.md#dependency-description-overview) [DependencyUpdate]: <> (Begin) - **Coherency Updates**: - **runtime.linux-arm64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-x64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-musl-arm64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-musl-x64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.win-arm64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.win-x64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.osx-arm64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.osx-x64.Microsoft.NETCore.Runtime.JIT.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-arm64.Microsoft.NETCore.Runtime.Mono.LLVM.Sdk**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-arm64.Microsoft.NETCore.Runtime.Mono.LLVM.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-musl-arm64.Microsoft.NETCore.Runtime.Mono.LLVM.Sdk**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-musl-arm64.Microsoft.NETCore.Runtime.Mono.LLVM.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Sdk**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-musl-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Sdk**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.linux-musl-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.win-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Sdk**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.win-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.osx-arm64.Microsoft.NETCore.Runtime.Mono.LLVM.Sdk**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.osx-arm64.Microsoft.NETCore.Runtime.Mono.LLVM.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.osx-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Sdk**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) - **runtime.osx-x64.Microsoft.NETCore.Runtime.Mono.LLVM.Tools**: from 19.1.0-alpha.1.26202.3 to 19.1.0-alpha.1.26256.3 (parent: Microsoft.NET.Workload.Emscripten.Current.Manifest-9.0.100.Transport) [DependencyUpdate]: <> (End) [marker]: <> (End:Coherency Updates) --------- Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: Larry Ewing <lewing@microsoft.com>
wfurt
approved these changes
May 13, 2026
Member
|
/ba-g only known errors |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I detected changes in the release/9.0 branch which have not been merged yet to release/9.0-staging. I'm a robot and am configured to help you automatically keep release/9.0-staging up to date, so I've opened this PR.
This PR merges commits made on release/9.0 by the following committers:
Instructions for merging from UI
This PR will not be auto-merged. When pull request checks pass, complete this PR by creating a merge commit, not a squash or rebase commit.
If this repo does not allow creating merge commits from the GitHub UI, use command line instructions.
Instructions for merging via command line
Run these commands to merge this pull request from the command line.
or if you are using SSH
After PR checks are complete push the branch
Instructions for resolving conflicts
Instructions for updating this pull request
Contributors to this repo have permission update this pull request by pushing to the branch 'merge/release/9.0-to-release/9.0-staging'. This can be done to resolve conflicts or make other changes to this pull request before it is merged.
The provided examples assume that the remote is named 'origin'. If you have a different remote name, please replace 'origin' with the name of your remote.
or if you are using SSH
Contact .NET Core Engineering (dotnet/dnceng) if you have questions or issues.
Also, if this PR was generated incorrectly, help us fix it. See https://github.com/dotnet/arcade/blob/main/.github/workflows/scripts/inter-branch-merge.ps1.