Skip to content

Commit 760fe34

Browse files
CopilotBillWagnergewarren
authored
Update .NET 10 documentation with comprehensive feature integration and address review feedback (#47938)
* Initial plan * Update .NET 10 documentation for Preview 7 release Co-authored-by: BillWagner <[email protected]> * Restructure documentation and address all review feedback Co-authored-by: BillWagner <[email protected]> * Apply suggestions from code review Co-authored-by: Genevieve Warren <[email protected]> * Fix XML code formatting and add snippets project file Co-authored-by: BillWagner <[email protected]> * Fix remaining writing style issues in runtime documentation Co-authored-by: BillWagner <[email protected]> * Update libraries.md * Apply suggestions from code review Co-authored-by: Genevieve Warren <[email protected]> * Address reviewer feedback: fix ML-DSA description, clarify Composite ML-DSA types, move WebSocketStream description, fix TLS typo, and remove extra blank lines Co-authored-by: BillWagner <[email protected]> * Update docs/core/whats-new/dotnet-10/sdk.md * Address final reviewer feedback: change ML-DSA heading and add blank line before CLI introspection Co-authored-by: BillWagner <[email protected]> * Update docs/core/whats-new/dotnet-10/sdk.md --------- Co-authored-by: copilot-swe-agent[bot] <[email protected]> Co-authored-by: BillWagner <[email protected]> Co-authored-by: Bill Wagner <[email protected]> Co-authored-by: Genevieve Warren <[email protected]>
1 parent 2a81ff0 commit 760fe34

File tree

12 files changed

+437
-12
lines changed

12 files changed

+437
-12
lines changed

docs/core/whats-new/dotnet-10/libraries.md

Lines changed: 183 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,14 @@
22
title: What's new in .NET libraries for .NET 10
33
description: Learn about the updates to the .NET libraries for .NET 10.
44
titleSuffix: ""
5-
ms.date: 07/16/2025
5+
ms.date: 08/12/2025
66
ms.topic: whats-new
77
ai-usage: ai-assisted
88
---
99

1010
# What's new in .NET libraries for .NET 10
1111

12-
This article describes new features in the .NET libraries for .NET 10. It's been updated for Preview 6.
12+
This article describes new features in the .NET libraries for .NET 10. It's been updated for Preview 7.
1313

1414
## Cryptography
1515

@@ -113,6 +113,73 @@ private static bool ValidateMLDsaSignature(ReadOnlySpan<byte> data, ReadOnlySpan
113113

114114
The PQC algorithms are available on systems where the system cryptographic libraries are OpenSSL 3.5 (or newer) or Windows CNG with PQC support. Also, the new classes are all marked as [`[Experimental]`](../../../fundamentals/syslib-diagnostics/experimental-overview.md) under diagnostic `SYSLIB5006` until development is complete.
115115

116+
#### ML-DSA
117+
118+
The <xref:System.Security.Cryptography.MLDsa> class includes ease-of-use features that simplify common code patterns:
119+
120+
```diff
121+
private static byte[] SignData(string privateKeyPath, ReadOnlySpan<byte> data)
122+
{
123+
using (MLDsa signingKey = MLDsa.ImportFromPem(File.ReadAllBytes(privateKeyPath)))
124+
{
125+
- byte[] signature = new byte[signingKey.Algorithm.SignatureSizeInBytes];
126+
- signingKey.SignData(data, signature);
127+
+ return signingKey.SignData(data);
128+
- return signature;
129+
}
130+
}
131+
```
132+
133+
Additionally, this release added support for HashML-DSA, which is called "PreHash" to help distinguish it from "pure" ML-DSA. As the underlying specification interacts with the Object Identifier (OID) value, the SignPreHash and VerifyPreHash methods on this `[Experimental]` type take the dotted-decimal OID as a string. This might evolve as more scenarios using HashML-DSA become well-defined.
134+
135+
```csharp
136+
private static byte[] SignPreHashSha3_256(MLDsa signingKey, ReadOnlySpan<byte> data)
137+
{
138+
const string Sha3_256Oid = "2.16.840.1.101.3.4.2.8";
139+
return signingKey.SignPreHash(SHA3_256.HashData(data), Sha3_256Oid);
140+
}
141+
```
142+
143+
#### Composite ML-DSA
144+
145+
.NET 10 introduces new types to support [ietf-lamps-pq-composite-sigs](https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-sigs/) (currently at draft 7), including `CompositeMLDsa` and `CompositeMLDsaAlgorithm` types with implementation of the primitive methods for RSA variants.
146+
147+
```csharp
148+
var algorithm = CompositeMLDsaAlgorithm.MLDsa65WithRSA4096Pss;
149+
using var privateKey = CompositeMLDsa.GenerateKey(algorithm);
150+
151+
byte[] data = [42];
152+
byte[] signature = privateKey.SignData(data);
153+
154+
using var publicKey = CompositeMLDsa.ImportCompositeMLDsaPublicKey(algorithm, privateKey.ExportCompositeMLDsaPublicKey());
155+
Console.WriteLine(publicKey.VerifyData(data, signature)); // True
156+
157+
signature[0] ^= 1; // Tamper with signature
158+
Console.WriteLine(publicKey.VerifyData(data, signature)); // False
159+
```
160+
161+
### AES KeyWrap with Padding (IETF RFC 5649)
162+
163+
AES-KWP is an algorithm that is occasionally used in constructions like Cryptographic Message Syntax (CMS) EnvelopedData, where content is encrypted once, but the decryption key needs to be distributed to multiple parties, each one in a distinct secret form.
164+
165+
.NET now supports the AES-KWP algorithm via instance methods on the <xref:System.Security.Cryptography.Aes> class:
166+
167+
```csharp
168+
private static byte[] DecryptContent(ReadOnlySpan<byte> kek, ReadOnlySpan<byte> encryptedKey, ReadOnlySpan<byte> ciphertext)
169+
{
170+
using (Aes aes = Aes.Create())
171+
{
172+
aes.SetKey(kek);
173+
174+
Span<byte> dek = stackalloc byte[256 / 8];
175+
int length = aes.DecryptKeyWrapPadded(encryptedKey, dek);
176+
177+
aes.SetKey(dek.Slice(0, length));
178+
return aes.DecryptCbc(ciphertext);
179+
}
180+
}
181+
```
182+
116183
## Globalization and date/time
117184

118185
- [New method overloads in ISOWeek for DateOnly type](#new-method-overloads-in-isoweek-for-dateonly-type)
@@ -183,6 +250,7 @@ This new API is already used in <xref:System.Json.JsonObject> and improves the p
183250
- [Allow specifying ReferenceHandler in `JsonSourceGenerationOptions`](#allow-specifying-referencehandler-in-jsonsourcegenerationoptions)
184251
- [Option to disallow duplicate JSON properties](#option-to-disallow-duplicate-json-properties)
185252
- [Strict JSON serialization options](#strict-json-serialization-options)
253+
- [PipeReader support for JSON serializer](#pipereader-support-for-json-serializer)
186254

187255
### Allow specifying ReferenceHandler in `JsonSourceGenerationOptions`
188256

@@ -224,6 +292,37 @@ These options are read-compatible with <xref:System.Text.Json.JsonSerializerOpti
224292

225293
For more information about JSON serialization, see [System.Text.Json overview](../../../standard/serialization/system-text-json/overview.md).
226294

295+
### PipeReader support for JSON serializer
296+
297+
<xref:System.Text.Json.JsonSerializer.Deserialize%2A?displayProperty=nameWithType> now supports <xref:System.IO.Pipelines.PipeReader>, complementing the existing <xref:System.IO.Pipelines.PipeWriter> support. Previously, deserializing from a `PipeReader` required converting it to a <xref:System.IO.Stream>, but the new overloads eliminate that step by integrating `PipeReader` directly into the serializer. As a bonus, not having to convert from what you're already holding can yield some efficiency benefits.
298+
299+
This shows the basic usage:
300+
301+
:::code language="csharp" source="snippets/csharp/PipeReaderBasic.cs":::
302+
303+
Here is an example of a producer that produces tokens in chunks and a consumer that receives and displays them:
304+
305+
:::code language="csharp" source="snippets/csharp/PipeReaderChunks.cs":::
306+
307+
All of this is serialized as JSON in the <xref:System.IO.Pipelines.Pipe> (formatted here for readability):
308+
309+
```json
310+
[
311+
{
312+
"Message": "The quick brown fox",
313+
"Timestamp": "2025-08-01T18:37:27.2930151-07:00"
314+
},
315+
{
316+
"Message": " jumps over",
317+
"Timestamp": "2025-08-01T18:37:27.8594502-07:00"
318+
},
319+
{
320+
"Message": " the lazy dog.",
321+
"Timestamp": "2025-08-01T18:37:28.3753669-07:00"
322+
}
323+
]
324+
```
325+
227326
## System.Numerics
228327

229328
- [More left-handed matrix transformation methods](#more-left-handed-matrix-transformation-methods)
@@ -328,3 +427,85 @@ A community contribution improved the performance of <xref:System.IO.Compression
328427

329428
- Eliminates repeated allocation of ~64-80 bytes of memory per concatenated stream, with additional unmanaged memory savings.
330429
- Reduces execution time by approximately 400 ns per concatenated stream.
430+
431+
## Windows process management
432+
433+
### Launch Windows processes in new process group
434+
435+
For Windows, you can now use <xref:System.Diagnostics.ProcessStartInfo.CreateNewProcessGroup?displayProperty=nameWithType> to launch a process in a separate process group. This allows you to send isolated signals to child processes that could otherwise take down the parent without proper handling. Sending signals is convenient to avoid forceful termination.
436+
437+
:::code language="csharp" source="snippets/csharp/ProcessGroup.cs":::
438+
439+
## WebSocket enhancements
440+
441+
### WebSocketStream
442+
443+
.NET 10 introduces `WebSocketStream` <!--<xref:System.Net.WebSockets.WebSocketStream>-->, a new API designed to simplify some of the most common&mdash;and previously cumbersome&mdash;<xref:System.Net.WebSockets.WebSocket> scenarios in .NET.
444+
445+
Traditional `WebSocket` APIs are low-level and require significant boilerplate: handling buffering and framing, reconstructing messages, managing encoding/decoding, and writing custom wrappers to integrate with streams, channels, or other transport abstractions. These complexities make it difficult to use WebSockets as a transport, especially for apps with streaming or text-based protocols, or event-driven handlers.
446+
447+
`WebSocketStream` addresses these pain points by providing a <xref:System.IO.Stream>-based abstraction over a WebSocket. This enables seamless integration with existing APIs for reading, writing, and parsing data, whether binary or text, and reduces the need for manual plumbing.
448+
449+
`WebSocketStream` enables high-level, familiar APIs for common WebSocket consumption and production patterns. These APIs reduce friction and make advanced scenarios easier to implement.
450+
451+
#### Common usage patterns
452+
453+
Here are a few examples of how `WebSocketStream` simplifies typical `WebSocket` workflows:
454+
455+
##### Streaming text protocol (for example, STOMP)
456+
457+
:::code language="csharp" source="snippets/csharp/WebSocketStreamText.cs":::
458+
459+
##### Streaming binary protocol (for example, AMQP)
460+
461+
:::code language="csharp" source="snippets/csharp/WebSocketStreamBinary.cs":::
462+
463+
##### Read a single message as a stream (for example, JSON deserialization)
464+
465+
:::code language="csharp" source="snippets/csharp/WebSocketStreamRead.cs":::
466+
467+
##### Write a single message as a stream (for example, binary serialization)
468+
469+
:::code language="csharp" source="snippets/csharp/WebSocketStreamWrite.cs":::
470+
471+
## TLS enhancements
472+
473+
### TLS 1.3 for macOS (client)
474+
475+
.NET 10 adds client-side TLS 1.3 support on macOS by integrating Apple's Network.framework into <xref:System.Net.Security.SslStream> and <xref:System.Net.Http.HttpClient>. Historically, macOS used Secure Transport which doesn't support TLS 1.3; opting into Network.framework enables TLS 1.3.
476+
477+
#### Scope and behavior
478+
479+
- macOS only, client-side in this release.
480+
- Opt-in. Existing apps continue to use the current stack unless enabled.
481+
- When enabled, older TLS versions (TLS 1.0 and 1.1) might no longer be available via Network.framework.
482+
483+
#### How to enable
484+
485+
Use an AppContext switch in code:
486+
487+
```csharp
488+
// Opt in to Network.framework-backed TLS on Apple platforms
489+
AppContext.SetSwitch("System.Net.Security.UseNetworkFramework", true);
490+
491+
using var client = new HttpClient();
492+
var html = await client.GetStringAsync("https://example.com");
493+
```
494+
495+
Or use an environment variable:
496+
497+
```bash
498+
# Opt-in via environment variable (set for the process or machine as appropriate)
499+
DOTNET_SYSTEM_NET_SECURITY_USENETWORKFRAMEWORK=1
500+
# or
501+
DOTNET_SYSTEM_NET_SECURITY_USENETWORKFRAMEWORK=true
502+
```
503+
504+
#### Notes
505+
506+
- TLS 1.3 applies to <xref:System.Net.Security.SslStream> and APIs built on it (for example, <xref:System.Net.Http.HttpClient>/<xref:System.Net.Http.HttpMessageHandler>).
507+
- Cipher suites are controlled by macOS via Network.framework.
508+
- Underlying stream behavior might differ when Network.framework is enabled (for example, buffering, read/write completion, cancellation semantics).
509+
- Semantics might differ for zero-byte reads. Avoid relying on zero-length reads for detecting data availability.
510+
- Certain internationalized domain names (IDN) hostnames might be rejected by Network.framework. Prefer ASCII/Punycode (A-label) hostnames or validate names against macOS/Network.framework constraints.
511+
- If your app relies on specific <xref:System.Net.Security.SslStream> edge-case behavior, validate it under Network.framework.

docs/core/whats-new/dotnet-10/overview.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,14 @@
22
title: What's new in .NET 10
33
description: Learn about the new features introduced in .NET 10 for the runtime, libraries, and SDK. Also find links to what's new in other areas, such as ASP.NET Core.
44
titleSuffix: ""
5-
ms.date: 07/16/2025
5+
ms.date: 08/12/2025
66
ms.topic: whats-new
77
ai-usage: ai-assisted
88
---
99

1010
# What's new in .NET 10
1111

12-
Learn about the new features in .NET 10 and find links to further documentation. This page has been updated for Preview 6.
12+
Learn about the new features in .NET 10 and find links to further documentation. This page has been updated for Preview 7.
1313

1414
.NET 10, the successor to [.NET 9](../dotnet-9/overview.md), is [supported for three years](https://dotnet.microsoft.com/platform/support/policy/dotnet-core) as a long-term support (LTS) release. You can [download .NET 10 here](https://get.dot.net/10).
1515

@@ -23,14 +23,14 @@ For more information, see [What's new in the .NET 10 runtime](runtime.md).
2323

2424
## .NET libraries
2525

26-
The .NET 10 libraries introduce new APIs in cryptography, globalization, numerics, serialization, collections, and diagnostics, and when working with ZIP files. New JSON serialization options include disallowing duplicate properties and strict serialization settings. Post-quantum cryptography support has been expanded with Windows Cryptography API: Next Generation (CNG) support.
26+
The .NET 10 libraries introduce new APIs in cryptography, globalization, numerics, serialization, collections, and diagnostics, and when working with ZIP files. New JSON serialization options include disallowing duplicate properties, strict serialization settings, and `PipeReader` support for improved efficiency. Post-quantum cryptography support has been expanded with Windows Cryptography API: Next Generation (CNG) support, enhanced ML-DSA with simplified APIs and HashML-DSA support, plus Composite ML-DSA. Additional cryptography enhancements include AES KeyWrap with Padding support. New networking capabilities include `WebSocketStream` for simplified `WebSocket` usage and TLS 1.3 support for macOS clients. Process management gains Windows process group support for better signal isolation.
2727

2828
For more information, see [What's new in the .NET 10 libraries](libraries.md).
2929
For details on JSON serialization, see [System.Text.Json overview](/dotnet/standard/serialization/system-text-json/overview).
3030

3131
## .NET SDK
3232

33-
The .NET 10 SDK includes support for [Microsoft.Testing.Platform](../../testing/microsoft-testing-platform-intro.md) in `dotnet test`, standardizes CLI command order, and updates the CLI to generate native tab-completion scripts for popular shells. For containers, console apps can natively create container images, and a new property lets you explicitly set the format of container images. The SDK also supports platform-specific .NET tools, one-shot tool execution with `dotnet tool exec`, the new `dnx` tool execution script, CLI introspection with `--cli-schema`, and enhanced file-based apps with publish support and native AOT.
33+
The .NET 10 SDK includes support for [Microsoft.Testing.Platform](../../testing/microsoft-testing-platform-intro.md) in `dotnet test`, standardizes CLI command order, and updates the CLI to generate native tab-completion scripts for popular shells. For containers, console apps can natively create container images, and a new property lets you explicitly set the format of container images. The SDK also supports platform-specific .NET tools with enhanced compatibility via the `any` RuntimeIdentifier, one-shot tool execution with `dotnet tool exec`, the new `dnx` tool execution script, CLI introspection with `--cli-schema`, and enhanced file-based apps with publish support and native AOT.
3434

3535
For more information, see [What's new in the SDK for .NET 10](sdk.md).
3636
For details on .NET tools, see [Manage .NET tools](/dotnet/core/tools/global-tools).

docs/core/whats-new/dotnet-10/runtime.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,13 @@
22
title: What's new in .NET 10 runtime
33
description: Learn about the new features introduced in the .NET 10 runtime.
44
titleSuffix: ""
5-
ms.date: 07/16/2025
5+
ms.date: 08/12/2025
66
ms.topic: whats-new
77
ai-usage: ai-assisted
88
---
99
# What's new in the .NET 10 runtime
1010

11-
This article describes new features and performance improvements in the .NET runtime for .NET 10. It has been updated for Preview 6.
11+
This article describes new features and performance improvements in the .NET runtime for .NET 10. It's been updated for Preview 7.
1212

1313
## JIT compiler improvements
1414

@@ -48,7 +48,7 @@ private static void Main()
4848
}
4949
```
5050

51-
On x64, we pass the members of `Point` to `Consume` in separate registers, and since physical promotion kicked in for the local `p`, we don't allocate anything on the stack first:
51+
On x64, the members of `Point` are passed to `Consume` in separate registers, and since physical promotion kicked in for the local `p`, nothing is allocated on the stack first:
5252

5353
```asm
5454
Program:Main() (FullOpts):
@@ -57,7 +57,7 @@ Program:Main() (FullOpts):
5757
tail.jmp [Program:Consume(Program+Point)]
5858
```
5959

60-
Now, suppose we changed the type of the members of `Point` to `int` instead of `long`. Because an `int` is four bytes wide, and registers are eight bytes wide on x64, the calling convention requires us to pass the members of `Point` in one register. Previously, the JIT compiler would first store the values to memory, and then load the eight-byte chunk into a register. With the .NET 10 improvements, the JIT compiler can now place the promoted members of struct arguments into shared registers directly:
60+
Now, suppose the type of the members of `Point` was changed to `int` instead of `long`. Because an `int` is four bytes wide, and registers are eight bytes wide on x64, the calling convention requires the members of `Point` to be passed in one register. Previously, the JIT compiler would first store the values to memory, and then load the eight-byte chunk into a register. With the .NET 10 improvements, the JIT compiler can now place the promoted members of struct arguments into shared registers directly:
6161

6262
```asm
6363
Program:Main() (FullOpts):

docs/core/whats-new/dotnet-10/sdk.md

Lines changed: 23 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,14 @@
22
title: What's new in the SDK and tooling for .NET 10
33
description: Learn about the new .NET SDK features introduced in .NET 10.
44
titleSuffix: ""
5-
ms.date: 07/16/2025
5+
ms.date: 08/12/2025
66
ms.topic: whats-new
77
ai-usage: ai-assisted
88
---
99

1010
# What's new in the SDK and tooling for .NET 10
1111

12-
This article describes new features and enhancements in the .NET SDK for .NET 10. It has been updated for Preview 6.
12+
This article describes new features and enhancements in the .NET SDK for .NET 10. It's been updated for Preview 7.
1313

1414
## .NET tools enhancements
1515

@@ -59,6 +59,27 @@ The actual implementation of the `dnx` command is in the `dotnet` CLI itself, al
5959

6060
For more information about managing .NET tools, see [Manage .NET tools](../../tools/global-tools.md).
6161

62+
### Use the `any` RuntimeIdentifier with platform-specific .NET tools
63+
64+
The [platform-specific .NET tools](#platform-specific-net-tools) feature is great for making sure tools are optimized for specific platforms that you target ahead-of-time. However, there are times where you won't know all of the platforms that you'd like to target, or sometimes .NET itself will learn how to support a new platform, and you'd like your tool to be runnable there too.
65+
66+
To make your tool work this way, add the `any` runtime identifier to your project file:
67+
68+
```xml
69+
<PropertyGroup>
70+
<RuntimeIdentifiers>
71+
linux-x64;
72+
linux-arm64;
73+
macos-arm64;
74+
win-x64;
75+
win-arm64;
76+
any
77+
</RuntimeIdentifiers>
78+
</PropertyGroup>
79+
```
80+
81+
This RuntimeIdentifier is at the 'root' of the platform-compatibility checking, and since it declares support for _any_ platform, the tool that gets packaged will be the most compatible kind of tool - a framework-dependent, platform-agnostic .NET DLL, which requires a compatible .NET Runtime to execute. When you perform a `dotnet pack` to create your tool, you'll see a new package for the `any` RuntimeIdentifier appear alongside the other platform-specific packages and the top-level manifest package.
82+
6283
### CLI introspection with `--cli-schema`
6384
6485
A new `--cli-schema` option is available on all CLI commands. When used, it outputs a JSON representation of the CLI command tree for the invoked command or subcommand. This is useful for tool authors, shell integration, and advanced scripting.
Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
using System;
2+
using System.IO.Pipelines;
3+
using System.Text.Json;
4+
using System.Threading.Tasks;
5+
6+
var pipe = new Pipe();
7+
8+
// Serialize to writer
9+
await JsonSerializer.SerializeAsync(pipe.Writer, new Person("Alice"));
10+
await pipe.Writer.CompleteAsync();
11+
12+
// Deserialize from reader
13+
var result = await JsonSerializer.DeserializeAsync<Person>(pipe.Reader);
14+
await pipe.Reader.CompleteAsync();
15+
16+
Console.WriteLine($"Your name is {result.Name}.");
17+
// Output: Your name is Alice.
18+
19+
record Person(string Name);

0 commit comments

Comments
 (0)