Installing new SDK with updated Runtime may break running application with older Runtime - switch to load all System-DLL on start?
Hi,
I had a crazy, self-produced problem with the last Runtime.
Configuration: Old service, created 2008 with NET.Remoting, later updated to WCF, now running as NET.8 minimal API IIS InProcess-hosted. Connected from Sql-Server via NET.4.8-Assembly with System.Net.HttpWebRequest, but the client isn't problem-relevant.
Own code uses some external dll, Mailkit/Mimekit, SSH.NET, System.IO.Compression.ZipFile.
Mailkit is immediately used after restart, sends a notification mail. So the Mailkit.dll is loaded.
ZipFile is rarely used, maybe only once per month.
--
2025-07-08: Added the NET.8.0.412 SDK with the new 8.0.18 runtime. No restart of the service. Service runs with 8.0.17.
2025-07-18: Executing the code that uses ZipFile crashed. File not found. The C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.17 directory was deleted; instead, an 8.0.18 directory exists.
Restarting the application fixed the problem. Ok, in theory, problem solved.
--
But: It's a general problem. Sometimes a restart / reboot isn't possible immediately (after an SDK update). Installing the new runtime at 20:30, patching the whole server at 01:50 with a reboot. If ZipFile is used for the first time in between, it would crash.
So idea / question: Is there something like a switch / command line option / config file option that tells the application: Find and load all dependent DLLs immediately after a restart. The delay would not be a problem. Result: All DLLs are copied, the 8.0.17 directory is no longer required. A newer version can delete that directory without affecting running services.
Additional benefit: If a dll is missing / can't be loaded, the application would crash / no start possible. A crash would only affect the test system, so that's not a problem.
Workaround: The old directory is not deleted immediately, only in combination with the next reboot. Maybe there is a standard installation switch to delay the deletion.
PS: Deleting the old directory in general is a good idea. Nobody needs a list of older, never again used patches 8.0.1/8.0.2 etc., if 8.0.18 is installed and used.
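The eager-load-and-fail-at-start behaviour asked about above can be approximated in application code. The following is an added example, not part of the original post and not a runtime switch; the `EagerLoader` class and its method name are assumptions. It only covers statically referenced managed assemblies and does not change what an installer does with an old runtime directory.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;

// Hypothetical helper (name is an assumption): walks the static reference
// graph of the entry assembly and forces every managed assembly to load now,
// instead of lazily on first use.
public static class EagerLoader
{
    public static IReadOnlyList<string> LoadAllReferenced(Assembly? root = null)
    {
        root ??= Assembly.GetEntryAssembly()
                 ?? throw new InvalidOperationException("No entry assembly.");

        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var loadedFrom = new List<string>();
        var pending = new Stack<Assembly>();
        pending.Push(root);

        while (pending.Count > 0)
        {
            Assembly current = pending.Pop();
            if (!seen.Add(current.FullName ?? current.ToString()))
                continue; // already visited

            // Record which file backs the assembly, so the startup log shows
            // the runtime directory each framework assembly came from.
            loadedFrom.Add($"{current.GetName().Name} <- {current.Location}");

            foreach (AssemblyName reference in current.GetReferencedAssemblies())
            {
                // Assembly.Load throws FileNotFoundException, FileLoadException
                // or BadImageFormatException when a reference cannot be
                // resolved. Letting it propagate stops the process at startup
                // rather than weeks later on the first call into that assembly.
                pending.Push(Assembly.Load(reference));
            }
        }
        return loadedFrom;
    }
}

// Usage (e.g. in Program.cs before app.Run()):
//   foreach (string line in EagerLoader.LoadAllReferenced()) Console.WriteLine(line);
```

Assemblies loaded by name through reflection or plugins, and native libraries, are not in the static reference graph and are not touched by this walk.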
Codecov Report
:white_check_mark: All modified and coverable lines are covered by tests.
:white_check_mark: Project coverage is 53.63%. Comparing base (d26b5fa) to head (8a6a5ea).
Additional details and impacted files
@@ Coverage Diff @@
## main #6326 +/- ##
=======================================
Coverage 53.63% 53.63%
=======================================
Files 1926 1926
Lines 85711 85711
Branches 7686 7686
=======================================
Hits 45975 45975
Misses 37963 37963
Partials 1773 1773
Internal tracking:
- ID: PM-25804
- Link: https://bitwarden.atlassian.net/browse/PM-25804
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
Checkmarx One – Scan Summary & Details – c75170c9-7fb2-4388-b06a-e3bd5c36104a
New Issues (5)
Checkmarx found the following issues in this Pull Request
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 1328 | Method at line 1328 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: yYQSxASiu37MwK3D3WkWP%2FGHW6U%3D |
| | CSRF | /src/Api/Auth/Controllers/AccountsController.cs: 259 | Method at line 259 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... ID: KebdugJ0qblKwPtrc9%2FRDCaLpCU%3D |
| | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 1328 | Method at line 1328 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: Sro0hHhBsdaaTtBpd5hWovEBEMg%3D |
| | CSRF | /src/Api/Vault/Controllers/CiphersController.cs: 1328 | Method at line 1328 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... ID: ecEuqKfCwSkgi9ECKvFrN5NVUYQ%3D |
| | Use_Of_Hardcoded_Password | /src/Core/Constants.cs: 136 | The application uses the hard-coded password CipherRepositoryBulkResourceCreation for authentication purposes, either using it to verify users' id... ID: QupHXmKshYGdw6KJL9ZMPk5GQrE%3D |
Fixed Issues (6)
Great job! The following issues were fixed in this Pull Request
| Severity | Issue | Source File / Package |
|---|---|---|
| | ~~CSRF~~ | /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 106 |
| | ~~CSRF~~ | /src/Api/Vault/Controllers/CiphersController.cs: 1432 |
| | ~~CSRF~~ | /src/Api/Vault/Controllers/CiphersController.cs: 1432 |
| | ~~CSRF~~ | /src/Api/Vault/Controllers/CiphersController.cs: 1432 |
| | ~~CSRF~~ | /src/Api/Auth/Controllers/AccountsController.cs: 262 |
| | ~~Use_Of_Hardcoded_Password~~ | /src/Identity/IdentityServer/RequestValidators/SendAccess/SendAccessConstants.cs: 115 |
