[Jwarder]

Seems like it makes the problem worse because you are then tied to a specific version at time of publishing and need to republish to get any framework patches.

https://learn.microsoft.com/en-us/dotnet/core/deploying/runt...

[foepys]

Indeed. Microsoft identified this as a problem as well and pushes .NET security patches via Windows Update nowadays. When using self-contained apps, you won't get these patches.

[easton]

.NET Core security patches aren't pushed via Windows Update, only .NET Framework (since it's built into Windows). Unless something changed recently?

[seritools]

If "Microsoft Update" is enabled in the Windows Update settings, you do get .NET Core updates: https://devblogs.microsoft.com/dotnet/net-core-updates-comin...

[easton]

News to me! I always deploy .NET 5/6 stuff on Linux, explains why I'm out of the loop. Thanks!

[vel0city]

You missed how there effectively isn't a .NET Core/.NET Framework delination anymore. It is just .NET, and .NET gets security patches from Windows Update.

[pjmlp]

.NET Core got renamed into .NET as of .NET 5, and it is still quite relevant to make a difference, plenty of people still don't get it.

[AlfeG]

It's same issue as deploying containers.