Security Vulnerability CVE-2025-55315 - ASP.NET Core 8

Microsoft has published a new ASP.NET Core vulnerability (CVE-2025-55315) that could allow certain HTTP requests to bypass built-in security checks under specific conditions. This issue relates to how HTTP requests are parsed and handled by the ASP.NET Core web server (Kestrel).

What this means for Shinydocs Pro

We’re updating the version of .NET Core included with Shinydocs Pro to include Microsoft’s security fix. This update will be part of our next release.

If you prefer not to wait, you can safely update .NET Core on your host server now using Microsoft’s latest runtime package https://dotnet.microsoft.com/en-us/download/dotnet/8.0 .

What you should do

If your Shinydocs Pro server connects to the internet, you must install both ASP.NET Core Runtime 8.0.21 (or higher) AND .NET Desktop Runtime 8.0.21 (or higher).

Once the update is applied, restart the Shinydocs Pro service to load the new runtime.

No configuration changes are required in Shinydocs Pro itself.

If you have any additional questions, please contact https://help.shinydocs.com/support/v1/ .