What’s new in Microsoft .NET Framework 4.8

Microsoft has released .NET Framework 4.8, the latest version of the company’s application development framework for Windows. The update brings a number of bug fixes, security patches, and improvements to the Common Language Runtime, ASP.NET, Windows Forms, Windows Presentation Foundation, and Windows Communication Foundation. 

Where to download .NET Framework 4.8

You can download the production release of .NET Framework from Microsoft’s .NET site. 

[ Read the InfoWorld review: Visual Studio 2017 is the best ever ]

Current version: The new features in .NET Framework 4.8

Released April 18, 2019, .NET Framework 4.8 includes the following new features and improvements:

• For NGEN (Native Image Generator), images in the .NET Framework no longer have writable and executable sections. This reduces surface area available to attacks that attempt to execute arbitrary code by modifying NGEN memory addresses.
• Anti-malware scanning is now initiated for all assemblies, whether loaded from disk or network. Previously, the .NET runtime only initiated scans (by Windows Defender and third-party anti-malware software implementing the Antimalware Scan Interface) of assemblies loaded from disk. 
• The .NET Framework 4.8 JIT compiler is based on .NET Core 2.1. Bug fixes and code generation based optimizations from .NET Core 2.1 are now available in .NET Framework.
• In the BCL (base class library), the Zlib external compression library has been improved, the number of object finalizations occurring as a result of using X509Certificate2 and related types has been reduced, and an API has been added to obtain thumbprints with a caller-specified digest algorithm.
• In addition, the BCL in .NET Framework 4.8 reduces FIPS (Federal Information Processing Standards) impact on cryptography. Since .NET Framework 2.0, cryptographic provider classes have thrown an exception when cryptographic libraries are configured in FIPS mode. With .NET 4.8, these exceptions will no longer be thrown by default.
• Accessibility enhancements are offered for Windows Forms, to improve communication of application data to the visually impaired.
• In ASP.NET, an issue has been fixed involving the handling of multivalue HTTP headers that may affect multipart data processing.
• CLR (Common Language Runtime) issues were fixed in which incorrect values were sent as EventListeners.
• Enabled labels in Windows Forms are now always rendered via a high-contrast text color when a high contrast mode is enabled. This affects applications recompiled to target .NET Framework 4.8.
• The hashing algorithm used to generate XOML file checksums when building projects with XOML files has been changed. Developers can still use the previous algorithm.
• The hashing algorithm for calculating keys to internal memory caches has been modified. Developers can still use the previous algorithm.
• A memory leak has been fixed that affected HttpWebRequest when communicating with an HTTPS server through a proxy.
• In Windows Presentation Foundation, a memory leak has been fixed that had arisen when removing data items from parent collections when UIAutomation was present.
• Windows Presentation Foundation has added support for Per-Monitor V2 DPI Awareness and Mixed-Mode DPI.
• In Windows Communication Foundation, an accessibility problem has been fixed that had caused ComboBox controls to be incorrectly themed in high-contrast themes.
• In Windows Communication Foundation, ServiceHealthBehavior is featured as a service behavior added to the ServiceDescription.Behaviors collection. It can return service health status with HTTP response codes and enable publication of service health. 

Previous version: The new features in .NET Framework 4.7.2

Already popular in technologies such as the Spring Framework, dependency injection lets one object supply dependencies of another object. .NET Framework 4.7.2 makes it easier to use this capability in ASP.net web forms. Setter-, interface- and constructor-based injection are supported, and other dependency injection frameworks can be plugged in.

Other new features in .NET Framework 4.7.2 include:

• The SameSite property is added to the ASP.NET web framework, to assert that a cookie ought not be sent with cross-site requests. The goal of the SameSite attribute is to reduce information leakage and protect against cross-site forgery attacks. The property is added in HttpCookieType. It also is featured in the FormsAuthentication and SessionState cookies.
• To improve security and compliance, Azure Active Directory authentication is supported via an interactive authentication keyword added to multifactor authentication. It is an extension of the SqlClient Connection String.
• APIs are added to standard collection types, enabling new functionality such as HashSet constructors that let HashSets be constructed with a capacity. This offers a performance benefit when it is known what the size of the HashSet is.
• Cryptographic improvements simplify the creation of RSA and DSA objects and calling ImportParameters.
• Windows Presentation Foundation (WPF) has added the StaticResource references feature letting a diagnostic assistant be notified when a StaticResource reference is resolved. For example, a diagnostic assistant such as Visual Studio’s Edit-and-Continue facility might want to update uses of a resource when it changes or a replaces a value in a resource dictionary.
• The WorkflowDesignerColors class has been added to improve UI experiences in high-contrast mode.
• Through Zlib decompression, throughput has been improved for decompressing Zip archives by using a native implementation of Zip.
• .NET Framework workloads now can generate certificate-signing requests, enabling request generation to be staged into existing tools.
• Per-monitor support has been added for Windows Presentation Foundation and HDPI-aware VSTO (Visual Studio Tools for Office) applications deployed using ClickOnce.
• Support is improved for .NET Standard 2.0.
• Diagnostic assistants can locate ResourceDictionaries created from a given source URI.

Previous version: What’s new in .NET Framework 4.7.1

With Microsoft’s release of .NET Framework 4.7.1 in mid-October 2017, the development platform gained critical improvements to garbage collection, security, and application configuration. 

To boost memory allocation performance, particularly for large object heap allocations, an architectural change to the garbage collector splits the heap allocation into small and large object heaps. Applications making a lot of large object heap allocations should experience a reduction in allocation lock contention and better performance.

The update also adds secure hash options for ASP.NET forms authentication, including SHA-2 (Secure Hash Algorithm), the stronger successor to SHA-1. For compatibility, SHA-1 is still the default option. SHA-2 is also supported for Message.HashAlgorithm, which specifies the hash algorithm used by message queuing when authenticating. 

New configuration builders in .NET 4.7.1 allow developers to inject and build configuration for applications at runtime. The configuration data can be taken from sources beyond the config file; in previous versions of .NET, configuration is static. Through configuration builders, applications are able to apply a custom-defined set of builders to a section of config. Builders can modify configuration data contained in a config section or build it from scratch, even drawing new data from sources other than static files.

Other features of the upgrade include:

• Support for the .NET Standard 2.0 specification, which features a set of APIs shared by multiple .NET implementations.
• Accessibility improvements in WPF (Windows Presentation Foundation) and Windows Forms, including High Contrast enhancements, enhanced UI patterns, and improved experiences in tools such as Narrator.
• Visual diagnostics support in WPF, which enables the use of tools for analyzing XAML visual trees.
• Compiler support for ReadOnlyReferences in the C# 7.2 language, for passing variables by reference but without exposing data to modifications.
• A runtime feature detection API to determine whether a runtime supports a particular feature.
• Serializable SystemValueTuple types, which should make it easier to migrate from System.Tuple to the new tuple syntax in C# 7.0 and Visual Basic 15.5.
• An ASP.NET API providing a standardized way to build an HttpCookie object from a string and capture cookie properties such as expiration date and path.
• An execution step feature in ASP.NET, called ExecutionStepInvoker, which allows developers to run execution steps inside their code, rather than in ASP.NET’s pre-defined pipeline. This feature is intended for libraries concerned with application execution flow.