Publish Date: April 26, 2021
Why is Microsoft ending support for .NET Framework 4.5.2, 4.6, and 4.6.1?
The .NET Framework was previously digitally signed using certificates that use the Secure Hash Algorithm (SHA-1). SHA1- is a legacy cryptographic hashing algorithm that is no longer deemed secure. We are retiring content that were signed using digital certificates that used SHA1 to support evolving industry standards.
After looking at download and usage data across the different versions of .NET Framework, we found that updating .NET Framework 4.6.2 and newer versions to support newer digital certificates (for the installers) would satisfy the vast majority (98%) of users without them needing to make a change. The small set of users using .NET Framework 4.5.2, 4.6, or 4.6.1 will need to upgrade to a later .NET Framework version to stay supported. Applications do not need to be recompiled. Given the nature of this change, we decided that targeting .NET Framework 4.6.2 and later was the best balance of support and effort.
See this support article on retiring SHA-1 content for more information.
How do I know if I have these versions installed?
See the article on Determining which .NET Framework versions are installed.
I am still using these versions, what do I do?
If you are using .NET Framework 4.5.2, 4.6, or 4.6.1 you will need to move up to a more recent runtime version, at least .NET Framework 4.6.2, and preferably .NET Framework 4.8. Note that you only need to update the deployed runtime on top of which your apps run. There is no expectation that you rebuild your app to retarget the newer version.
I deploy my app to Azure App Service, do I need to do anything?
.NET Framework 4.8 is already deployed in Azure App Service so if you’re running your web app or Azure function in Azure App Service then there is nothing you need to do, you’re already using the latest 4.8 version.
I use a Virtual Machine in Azure, do I need to do anything?
We are working with our partner teams to ensure guest VM images for OS families that did not ship with at least 4.6.2 are updated to include this and expect this will be available before April 2022 when we stop supporting 4.5.2, 4.6, and 4.6.1 . Before April 2022, you can continue using .NET Framework 4.5.2, 4.6, and 4.6.1 and will be fully supported. That said, if you’d like to get a head start on validating your application functionality on the newer runtime version immediately you can use this guidance to Install .NET Framework on Azure Cloud Services.
My app is deployed inside an enterprise environment managed using Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM), what should I do?
The latest .NET Framework runtime – 4.8 is available on Windows Update, Windows Server Update Services (WSUS), and the Microsoft Update (MU) Catalog for client operating systems and WSUS and MU Catalog for Server operating systems.
What resources are available to me to help with this?
Here are some resources you may find helpful:
I am using Windows 10 2015 LTSC which shipped with .NET Framework 4.6. What should I do?
Windows 10 Enterprise LTSC 2015 shipped with .NET Framework 4.6 built into the OS. This OS version is a long-term servicing channel (LTSC) release. We will continue to support .NET Framework 4.6 on Windows 10 Enterprise LTSC 2015 through end of support of the OS version (October 2025).
Are there any breaking changes in .NET Framework 4.5.2? Why do you include these changes?
There are a very small number of changes in .NET Framework 4.5.2 that are not fully compatible with earlier .NET Framework versions. We call these runtime changes. We include these changes only when absolutely necessary in the interests of security, in order to comply with industry wide standards, or in order to correct a previous incompatibility within .NET Framework. Additionally, there are a small number of changes included in .NET Framework 4.5.2 that will only be enabled if you choose to recompile your application against .NET Framework 4.5.2; we call these changes retargeting changes.
More information about application compatibility including both .NET runtime and retargeting changes across the various versions in the .NET Framework 4.x family can be found here.
Will I need to recompile/rebuild my applications to use .NET Framework 4.6.2 and later versions?
.NET Framework 4.6.2 and later versions are compatible, in-place updates on top of previous .NET Framework 4.x versions including 4.5.2, 4.6 and 4.6.1. This means we expect applications built on previous .NET Framework 4.x versions to continue running on .NET Framework 4.6.2 and later versions with no changes. Recompiling of apps to target these versions is not necessary, you only need to update the runtime version. We recommend you test your application functionality on the newer .NET Framework runtime version before deploying to production.
I use ClickOnce or a Visual Studio Installer Project to deploy .NET Framework 4.6.2 or later as a pre-requisite for my app, what should I do?
The installers for .NET Framework 4.6.2 and above have been rebuilt, so if you use a bootstrapper to deploy the .NET Framework 4.6.2 or later as a pre-requisite with your app you will need to update PublicKey attribute in Product.xml and Package.xml files in order for the ClickOnce bootstrapper to properly detect the updated .NET installer packages.
Product.xml is used for English products and lives in root of the bootstrapper release. For instance, in the case of .NET Framework 4.6.2 this file would be under %ProgramFiles(x86)%\Microsoft SDKs\ClickOnce Bootstrapper\Packages\DotNetFX462\.
You will also find multiple Package.xml files under locale specific folders, these are used to deploy .NET Framework language packs with your application.
You need to update the value of the PublicKey attribute for the //Package/PackageFiles/PackageFile element to this value:
Note that there are two instances of the //Package/PackageFiles/PackageFile element in Product.xml, and one in each of Package.xml file. All instances need to be updated with the correct PublicKey.
See this article for on Creating bootstrapper packages for more information about this.
If you use another bootstrapper like the WiX Bootstrapper (Burn) you refer to Burn documentation for installing .NET Framework pre-requisites for more information.
I use .NET Framework 3.5 SP1 – can I continue using this?
There is no change to the support lifecycle for .NET Framework 3.5 SP1. See this site for specific end of support information for .NET Framework 3.5.
My application redistributes a .NET Framework installer version that will be unsupported in the future. What should I do?
You should plan on shipping a supported .NET runtime installer (4.6.2 or later) with the next planned update for your app. If your application is in an environment where the end user receives updates from Windows Update then their computer is most likely already running your app on .NET Framework 4.8 since .NET Framework 4.8 has been deployed broadly via Windows Update. If your app is used in an environment where Windows Update is blocked or unavailable then the end user for your app may need to deploy .NET Framework 4.6.2 or later themselves if your app installer doesn’t do this for them.
I use a Microsoft product like Exchange Server, SQL Server or Sharepoint that depend upon .NET Framework. Do I need to make updates to these products?
Newer versions of products such as Exchange, SQL Server, SharePoint, etc. are based on the .NET Framework 4.6.2 or later. The .NET Framework 4.6.2 and later versions are compatible, in-place updates on top of previous .NET Framework 4.x versions. This means that an older version of an application running on .NET Framework 4.5.2, 4.6, or 4.6.1 will continue to run without any changes when the .NET runtime is updated from .NET Framework 4.5.2, 4.6, or 4.6.1 to later versions. That said, we recommend you validate your deployments by updating the .NET runtime to .NET Framework 4.6.2 or later in a pre-production environment first before rolling out a newer version in the production environment.
I use a product from another software vendor that installs .NET Framework 4.5.2, 4.6, or 4.6.1. What should I do?
If your computer receives updates from Windows Update then your computer is most likely already running the app on .NET Framework 4.8 since .NET Framework 4.8 has been deployed broadly via Windows Update. If the app is used in an environment where Windows Update is blocked or unavailable then you should reach out to your application vendor and for an updated version of the application that deploys .NET Framework 4.6.2 or later.
What is the support lifecycle policy for .NET Framework?
See this site for the specific end of support dates for each version of the .NET Framework.
Does this affect .NET Core and .NET 5 or later?
No. The announcement is scoped to .NET Framework 4.5.2, 4.6 and 4.6.1. There is no change to the support lifecycle for .NET Core and .NET 5.