CodeQL fails build for Windows due to potentially pulled Microsoft.AspNetCore.App:8.0.14 version #12002

Open
3 of 15 tasks
tylertech-lee-hazlett opened this issue Apr 11, 2025 · 2 comments

@tylertech-lee-hazlett

Description

Under these tools it lists: Microsoft.AspNetCore.App: 6.0.5, 6.0.26, 6.0.36, 6.0.37, 8.0.6, 8.0.13, 8.0.14, 9.0.2, 9.0.3

I believe 8.0.14 was pulled for a security issue.

When running a CodeQL scan, if targeting 8.0.14, the build fails because it is not installing 8.0.14 anymore. It only installs up to 8.0.13. After adding a dotnet-setup step to include all 8.0.X, the code scan works. I think we need a bump version on the specified tool.

Quick Fix:

Add a dotnet-setup step to your action targeting 8.0.X version before running autobuild.

Platforms affected

  • Azure DevOps
  • GitHub Actions - Standard Runners
  • GitHub Actions - Larger Runners

Runner images affected

  • Ubuntu 20.04
  • Ubuntu 22.04
  • Ubuntu 24.04
  • macOS 13
  • macOS 13 Arm64
  • macOS 14
  • macOS 14 Arm64
  • macOS 15
  • macOS 15 Arm64
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025

Image version and build link

Image Version: 2.323.0

No publicly available build, sorry.

Is it regression?

No

Expected behavior

Run CodeQL autobuild successfully

Actual behavior

Fails to autobuild with error message: C:\Users\runneradmin\.nuget\packages\microsoft.extensions.apidescription.server\6.0.3\build\Microsoft.Extensions.ApiDescription.Server.targets(66,5): error : You must install or update .NET to run this application. [D:\a\removed-for-security\removed-for-security\Example.Project\Example.Project.csproj]

Repro steps

Steps to reproduce:

  1. Have a project targeting 8.0.14 specifically: <RuntimeFrameworkVersion>8.0.14</RuntimeFrameworkVersion> in .csproj file
  2. Run a CodeQL scan using a Windows image
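
The quick fix described in the issue above, written out as a GitHub Actions workflow. This is an added example, not part of the original post: it assumes the "dotnet-setup step" refers to `actions/setup-dotnet`, and the workflow name, trigger and job name are illustrative.

```yaml
# Added example: install .NET 8.0.x explicitly before CodeQL autobuild.
# Workflow, trigger and job names are assumptions for illustration.
name: codeql
on:
  push:
    branches: [main]

jobs:
  analyze:
    runs-on: windows-latest
    permissions:
      contents: read
      security-events: write   # required to upload CodeQL results
    steps:
      - uses: actions/checkout@v4

      # Install the current 8.0.x SDK and runtime so the build does not
      # depend on which 8.0 patch the runner image happens to ship.
      - name: Set up .NET 8.0.x
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'

      # Record what is actually installed; useful when the build reports
      # "You must install or update .NET to run this application."
      - name: List installed runtimes
        run: dotnet --list-runtimes

      - uses: github/codeql-action/init@v3
        with:
          languages: csharp

      # autobuild must come after the setup step above.
      - uses: github/codeql-action/autobuild@v3

      - uses: github/codeql-action/analyze@v3
```
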
@Prabhatkumar59
Contributor

Hi @tylertech-lee-hazlett - Thank you for bringing this issue to our attention. We will look into this issue and will update you after investigating.

@subir0071
Contributor

The next image rollout would not have this version.
Will notify, once we complete the rollout for this week.