Miguel de Icaza releases

Mono 4.0 is out.

Check out our release notes for details about what is new on Mono 4.0.

This is the first Mono release that contains code from Microsoft’s open sourced .NET code. We are only getting started with this work. We are swiftly moving ahead in mono/master much more code that is being replaced and ported.

This version also is the first one to ship with C# 6.0 enabled by default. Learn all about C# 6.0 in only eight minutes on this presentation

Miguel de Icaza gsoc

Hey everyone! The Mono team is pleased to announce that we are a mentor organization in the Google Summer of Code 2015! This is the eleventh year of Summer of Code for us, and we’re really excited to work with a new group of students.

This is a great opportunity to spend the summer with a great community working on cutting edge open-source C# tools and frameworks. You can hone your development skills by working on large and complex codebases with experienced mentors, and get paid for your hard work too.

If you’re an eligible student, the application period runs from March 15-27. But don’t let that stop you from starting on your proposals! Feel free to introduce yourself to the community and mentors, talk about your ideas, and do some preliminary research to make your proposal as strong as it can be. If you’re feeling particularly ambitious, you could even get started on some quick bugfixes and patches to show off your skills; while this isn’t required, it is really helpful in seeing how you work and getting your name out in the community. Show us how excited you are about coding!

Same as last year, our project ideas and rules are available on our GSoC ideas page, and we’ll be updating the list as we come up with new ideas. Don’t let these ideas limit you though; if you have your own idea for a great project for the summer, put it in a proposal and send it our way. Or, if you can’t decide, you can always submit multiple proposals. Keep in mind, though, quality is better than quantity in this case.

Our project mailing lists should be your first stop for questions about contributing to Mono. There are many lists for different topics, but the main ones are mono, mono-devel and monodevelop-devel. For external projects, you should also contact the developers in their project mailing lists.

And of course IRC is where you can find everyone online, on the irc.gnome.org server. There’s the #mono channel for general Mono discussions, #monodev for Mono development, #monodevelop for MonoDevelop and Xamarin Studio, and #monosoc for Summer of Code-specific questions and saying “Hi” to your fellow students. Hang around a while after asking a question - we have mentors in many timezones so they may be asleep or busy when you visit.

If you’re not a student, you can participate in Summer of Code by helping the students feel welcome in our community! Or, if you’re interested in mentoring C# tools and libraries under the Mono umbrella, send an email to the Mono GSoC administrator at soc@xamarin.com.

To stay up to date with the applications process and the work of our students, follow us on Twitter and Google+. Good luck, and here’s to another great summer of coding!

Miguel de Icaza security

A TLS impersonation attack was discovered in Mono’s TLS stack by researchers at Inria (SKIP-TLS. During checks on our TLS stack, we have discovered two further issues which we have fixed - SSLv2 support, and vulnerability to FREAK. These vulnerabilities affect basically every Mono version ever released.

All three issues should be addressed in the following patches:

These patches should apply to all Mono versions from 3.4.0 or so onwards. The FREAK patch requires slight modification in order to apply to Mono releases prior to 3.x patch for Mono pre-3.4 should work for these users. The Impersonation patch requires slight modification to apply to Mono releases prior to 3.4 patch for Mono pre-3.4 should work for these users.

Alternatively, this is fixed in Mono 3.12.1 and higher: mono-3.12.1.tar.bz2

Mono’s github repository contains the bug fix for all supported branches (master, mono-4.0.0-branch, mono-3.12.0-branch, mono-3.10.0-branch).

Linux and Mac downloads from mono-project.com have been updated to 3.12.1 - the Windows release will take another day or two.

Below is a (non-exhaustive) list of Mono versions in use in supported distributions, and the patches they require for full coverage.

  • 2.4 branch (Ubuntu 10.04)
    • SSLv2 patch, Modified Impersonation patch, Modified FREAK patch
  • 2.6.7 (Debian 6, SLES 11)
    • SSLv2 patch, Modified Impersonation patch, Modified FREAK patch
  • 2.10.8 (Fedora 19, 20, 21)
    • SSLv2 patch, Modified Impersonation patch, Modified FREAK patch
  • (Debian 7, Ubuntu 12.04)
    • SSLv2 patch, Modified Impersonation patch, Modified FREAK patch
  • 3.0.3 (openSUSE 12.3)
    • SSLv2 patch, Modified Impersonation patch, FREAK patch
  • 3.0.6 (openSUSE 13.1)
    • SSLv2 patch, Modified Impersonation patch, FREAK patch
  • 3.2.8 (Debian 8, Ubuntu 12.10, 14.10, 15.04, Gentoo)
    • SSLv2 patch, Modified Impersonation patch, FREAK patch
  • 3.10.0 (Arch)
    • SSLv2 patch, Impersonation patch, FREAK patch

Rodrigo Kumpera releases

We are happy to introduce Mono 3.12.0!

Mono 3.12.0 has over 600 commits since the last release. This is the work of 70 contributors over the course of two months.

Check out the detailed release notes