dotnet · lbussell · Nov 13, 2025 · Nov 12, 2025 · Nov 13, 2025 · Nov 13, 2025
@@ -10,7 +10,7 @@ body:
         If you're reporting the presence of a disclosed security vulnerability, such as a CVE reported in one of our container images, please follow our [vulnerability reporting guidelines](https://github.com/dotnet/dotnet-docker/blob/main/documentation/vulnerability-reporting.md).
 
         If you believe you have an issue that affects the security of .NET, please do NOT create an issue and instead email your issue details to [email protected].
-        Your report may be eligible for our [bug bounty](https://www.microsoft.com/en-us/msrc/bounty-dot-net-core) but ONLY if it is reported through email.
+        Your report may be eligible for our [bug bounty](https://www.microsoft.com/msrc/bounty-dot-net-core) but ONLY if it is reported through email.
 
         For other types of questions, consider posting to [Discussions](https://github.com/dotnet/dotnet-docker/discussions) or [Stack Overflow](https://stackoverflow.com).
 

@@ -27,7 +27,7 @@ assignees: lbussell
 1. - [ ] Get PR signoff
 1. - [ ] Merge PR to nightly branch
 1. - [ ] Wait for automatically queued CI build to finish on [dotnet-docker-nightly pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=359) (internal MSFT link)
-1. - [ ] Confirm READMEs have been updated in [Docker Hub](https://hub.docker.com/r/microsoft/dotnet) and the [MAR Portal](https://mcr.microsoft.com/en-us/catalog?search=dotnet)
+1. - [ ] Confirm READMEs have been updated in [Docker Hub](https://hub.docker.com/r/microsoft/dotnet) and the [MAR Portal](https://mcr.microsoft.com/catalog?search=dotnet)
 
 ## Determining when to move a new distro to the main branch
 

@@ -38,7 +38,7 @@ title: "Add image for ___"
 1. - [ ] Get PR signoff
 1. - [ ] Merge PR to nightly branch
 1. - [ ] Wait for automatically queued CI build to finish on [dotnet-docker-nightly pipeline](https://dev.azure.com/dnceng/internal/_build?definitionId=359) (internal MSFT link)
-1. - [ ] Confirm READMEs have been updated on [MAR](https://mcr.microsoft.com/en-us/catalog?search=dotnet) and [Docker Hub](https://hub.docker.com/r/microsoft/dotnet)
+1. - [ ] Confirm READMEs have been updated on [MAR](https://mcr.microsoft.com/catalog?search=dotnet) and [Docker Hub](https://hub.docker.com/r/microsoft/dotnet)
 
 ## Main Branch Tasks
 

@@ -13,7 +13,7 @@ Please keep in mind that the GitHub issue tracker is intended for reporting **no
 If you're reporting the presence of a disclosed security vulnerability, such as a CVE reported in one of our container images, please follow our documented [guidance on vulnerability reporting](https://github.com/dotnet/dotnet-docker/blob/main/documentation/vulnerability-reporting.md).
 
 If you believe you have an issue that affects the security of .NET, please do NOT create an issue and instead email your issue details to <[email protected]>.
-Your report may be eligible for our [bug bounty](https://www.microsoft.com/en-us/msrc/bounty-dot-net-core), but ONLY if it is reported through email.
+Your report may be eligible for our [bug bounty](https://www.microsoft.com/msrc/bounty-dot-net-core), but ONLY if it is reported through email.
 
 ## Bugs and Feature Requests
 

@@ -8,7 +8,7 @@ The .NET Core and ASP.NET Core support policy, including supported versions can
 
 Security issues and bugs should be reported privately to the Microsoft Security Response Center (MSRC), either by emailing <[email protected]> or via the [Microsoft Security Response Center](https://msrc.microsoft.com).
 You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your
-original message. Further information, including the MSRC PGP key, can be found in the [MSRC Report an Issue FAQ](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue).
+original message. Further information, including the MSRC PGP key, can be found in the [MSRC Report an Issue FAQ](https://www.microsoft.com/msrc/faqs-report-an-issue).
 
 Reports via MSRC may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at [https://aka.ms/corebounty](https://aka.ms/corebounty).
 

@@ -102,7 +102,7 @@ COPY --from=installer /staging2/ /
 ## Debugging with Container Fast Mode
 
 In order to reduce image size and attack surface, Azure Linux .NET Runtime images do not contain the tools required to debug .NET apps using Visual Studio.
-The easiest way to enable local Visual Studio debugging while not modifying the production image is to use [Container Fast Mode](https://learn.microsoft.com/en-us/visualstudio/containers/container-build#debugging).
+The easiest way to enable local Visual Studio debugging while not modifying the production image is to use [Container Fast Mode](https://learn.microsoft.com/visualstudio/containers/container-build#debugging).
 
 To enable Container Fast Mode debugging without affecting your app's production image, you can create a new stage based off the `base` stage (called `debug` in the example) that contains the debugging tools, and then point the VS Fast Mode tools to that debug stage.
 
@@ -163,5 +163,5 @@ COPY --from=publish /app/publish .
 ENTRYPOINT ["dotnet", "aspnetapp.dll"]
 ```
 
-If this example doesn't work for your scenario, see [Container Tools build properties](https://docs.microsoft.com/en-us/visualstudio/containers/container-msbuild-properties?view=vs-2022) for more information on
+If this example doesn't work for your scenario, see [Container Tools build properties](https://docs.microsoft.com/visualstudio/containers/container-msbuild-properties) for more information on
 customizing the Fast Mode stage, or setting a custom `DockerDebuggeeKillProgram`.
@@ -40,7 +40,7 @@ See the [supported tags](supported-tags.md) for the tagging practices and polici
 1. Images will be rebuilt only as necessary in order to limit downstream image rebuilds and deployments for consumers of .NET images.
 The [Image Update Policy](https://github.com/dotnet/dotnet-docker/blob/main/README.md#image-update-policy) section of the README contains the exact guidelines for when images will be updated.
 
-1. Images will never be deleted from the [official .NET Docker repositories on the Microsoft Artifact Registry](https://mcr.microsoft.com/en-us/catalog?search=dotnet). This does not apply to the [nightly repositories](https://github.com/dotnet/dotnet-docker/blob/nightly/README.md).
+1. Images will never be deleted from the [official .NET Docker repositories on the Microsoft Artifact Registry](https://mcr.microsoft.com/catalog?search=dotnet). This does not apply to the [nightly repositories](https://github.com/dotnet/dotnet-docker/blob/nightly/README.md).
 
 1. The [Dockerfiles](https://github.com/search?q=repo%3Adotnet%2Fdotnet-docker+path%3A**%2FDockerfile&type=code) used to produce all of the images will be publicly available. Customers will be able to take the Dockerfiles and build them to produce their own equivalent images. No special build steps or permissions should be needed to build the Dockerfiles.
 

@@ -4,7 +4,7 @@
 
 All images were produced from the ["releasesapi" sample](https://github.com/dotnet/dotnet-docker/tree/main/samples/releasesapi) using Ubuntu 22.04 ("jammy") images for amd64.
 Alpine images will be similar.
-The Baseline image is a standard [framework-dependent](https://learn.microsoft.com/en-us/dotnet/core/deploying/#publish-framework-dependent) deployment on the ASP.NET runtime image.
+The Baseline image is a standard [framework-dependent](https://learn.microsoft.com/dotnet/core/deploying/#publish-framework-dependent) deployment on the ASP.NET runtime image.
 This is the largest image with the most functionality and flexibility.
 However, the new [Ubuntu Chiseled](https://github.com/dotnet/dotnet-docker/blob/main/documentation/ubuntu-chiseled.md) .NET base images can provide significantly smaller and more secure deployments for your application as demonstrated below.
 
@@ -23,15 +23,15 @@ However, the new [Ubuntu Chiseled](https://github.com/dotnet/dotnet-docker/blob/
 
 ## Self-Contained + Trimming Deployment
 
-[Self-contained](https://learn.microsoft.com/en-us/dotnet/core/deploying/#publish-self-contained) deployments bundle the .NET Runtime with your app so that it's able to run without the full .NET Runtime installed.
-[IL Trimming](https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-self-contained) for self-contained apps removes unused code from the .NET Runtime and libraries to reduce application size.
-And [Native AOT](https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/) deployment produces an app that is completely compiled to native code at build time for the smallest deployment size that .NET allows for.
+[Self-contained](https://learn.microsoft.com/dotnet/core/deploying/#publish-self-contained) deployments bundle the .NET Runtime with your app so that it's able to run without the full .NET Runtime installed.
+[IL Trimming](https://learn.microsoft.com/dotnet/core/deploying/trimming/trim-self-contained) for self-contained apps removes unused code from the .NET Runtime and libraries to reduce application size.
+And [Native AOT](https://learn.microsoft.com/dotnet/core/deploying/native-aot/) deployment produces an app that is completely compiled to native code at build time for the smallest deployment size that .NET allows for.
 
 | Image Kind | Base Image | Uncompressed Image Size | Compressed Image Size | % Size Savings Over Baseline[^1] |
 | --- | --- |--- | --- | --- |
-| [Self-contained](https://learn.microsoft.com/en-us/dotnet/core/deploying/#publish-self-contained) + [Trimming](https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-self-contained) | [`runtime-deps:8.0-jammy`](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy/amd64/Dockerfile) | 146 MB | 57.9 MB | 36% |
-| [Chiseled](https://github.com/dotnet/dotnet-docker/blob/main/documentation/ubuntu-chiseled.md) + [Self-contained](https://learn.microsoft.com/en-us/dotnet/core/deploying/#publish-self-contained) + [Trimming](https://learn.microsoft.com/en-us/dotnet/core/deploying/trimming/trim-self-contained) | [`runtime-deps:8.0-jammy-chiseled`](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile)| 39.3 MB | 16.4 MB | 82% |
-| [Native AOT](https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/) | [`runtime-deps:8.0-jammy-chiseled`](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile)| 27.7 MB | 12.4 MB | 86% |
+| [Self-contained](https://learn.microsoft.com/dotnet/core/deploying/#publish-self-contained) + [Trimming](https://learn.microsoft.com/dotnet/core/deploying/trimming/trim-self-contained) | [`runtime-deps:8.0-jammy`](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy/amd64/Dockerfile) | 146 MB | 57.9 MB | 36% |
+| [Chiseled](https://github.com/dotnet/dotnet-docker/blob/main/documentation/ubuntu-chiseled.md) + [Self-contained](https://learn.microsoft.com/dotnet/core/deploying/#publish-self-contained) + [Trimming](https://learn.microsoft.com/dotnet/core/deploying/trimming/trim-self-contained) | [`runtime-deps:8.0-jammy-chiseled`](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile)| 39.3 MB | 16.4 MB | 82% |
+| [Native AOT](https://learn.microsoft.com/dotnet/core/deploying/native-aot/) | [`runtime-deps:8.0-jammy-chiseled`](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime-deps/8.0/jammy-chiseled/amd64/Dockerfile)| 27.7 MB | 12.4 MB | 86% |
 
 For more information on .NET image variants and AOT images, please see the following documentation:
 

@@ -79,7 +79,7 @@ If the script above returns an error indicating it's unable to resolve a multi-a
 The following scripts indicate how to do that.
 
 If you're targeting Windows containers, you'll need to determine the Windows build number of the image you're targeting.
-To do this, find the Windows version number that is listed on the [Windows Docker Hub page](https://mcr.microsoft.com/en-us/product/windows/nanoserver/about).
+To do this, find the Windows version number that is listed on the [Windows Docker Hub page](https://mcr.microsoft.com/artifact/mar/windows/nanoserver/about).
 For example, if you're targeting Windows Server 2022 LTSC, look for the `ltsc2022` tag and find its corresponding build number in the OS Version column.
 You only need the first three parts of the version number.
 In the case of Windows Server 2022, it's `10.0.20348`.
@@ -133,7 +133,7 @@ The simple rule to follow: only the tags shown in our full tag listings are supp
 * [monitor-base](../README.monitor-base.md#full-tag-listing)
 * [aspire-dashboard](../README.aspire-dashboard.md#full-tag-listing)
 * [samples](../README.samples.md#full-tag-listing)
-* [Microsoft Artifact Registry](https://mcr.microsoft.com/en-us/catalog?search=dotnet/)
+* [Microsoft Artifact Registry](https://mcr.microsoft.com/catalog?search=dotnet/)
 
 #### Image Lifecycle Annotations
 

@@ -7,7 +7,7 @@ parameters:
   type: boolean
   default: false
   displayName: CG Dry Run
-# See https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-install-script#options for possible Channel values
+# See https://learn.microsoft.com/dotnet/core/tools/dotnet-install-script#options for possible Channel values
 - name: dotnetVersionChannel
   type: string
   default: '9.0'

@@ -10,7 +10,7 @@
         ^
 
     _ Documentation for using Managed Identity/OAuth tokens to access Azure storage accounts:
-        https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#call-storage-operations-with-oauth-tokens ^
+        https://learn.microsoft.com/rest/api/storageservices/authorize-with-azure-active-directory#call-storage-operations-with-oauth-tokens ^
 
     for i, file in ARGS["files"]:{{
         if (find(file["url"], "dotnetstage") >= 0):{{

@@ -10,7 +10,7 @@
         ^
 
     _ Documentation for using Managed Identity/OAuth tokens to access Azure storage accounts:
-        https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#call-storage-operations-with-oauth-tokens ^
+        https://learn.microsoft.com/rest/api/storageservices/authorize-with-azure-active-directory#call-storage-operations-with-oauth-tokens ^
 
     set isInternal(url) to:{{
         return find(url, "dotnetstage") >= 0

@@ -1,5 +1,5 @@
 [*.cs]
 # CS1591: Missing XML comment for publicly visible type or member
-# https://learn.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-messages/cs1591
+# https://learn.microsoft.com/dotnet/csharp/language-reference/compiler-messages/cs1591
 # Since this is a shared project, public members should be documented.
 dotnet_diagnostic.CS1591.severity = suggestion
@@ -14,7 +14,7 @@ public class AzdoAuthProvider
     /// This scope provides access to Azure DevOps Services REST API.
     /// </summary>
     /// <remarks>
-    /// See https://learn.microsoft.com/en-us/rest/api/azure/devops/tokens/?view=azure-devops-rest-7.1&tabs=powershell#personal-access-tokens-pats
+    /// See https://learn.microsoft.com/rest/api/azure/devops/tokens/?view=azure-devops-rest-7.1&tabs=powershell#personal-access-tokens-pats
     /// </remarks
     private const string Scope = "499b84ac-1321-427f-aa17-267ca6975798/.default";
 

@@ -146,7 +146,7 @@ dotnet publish \
 ```
 
 These properties can also be [specified in your project file](https://learn.microsoft.com/visualstudio/msbuild/property-element-msbuild).
-For a full list of supported properties, see the [.NET SDK publishing reference](https://learn.microsoft.com/en-us/dotnet/core/containers/publish-configuration).
+For a full list of supported properties, see the [.NET SDK publishing reference](https://learn.microsoft.com/dotnet/core/containers/publish-configuration).
 
 ## Supported Linux distros
 

@@ -8,7 +8,7 @@
 builder.Services.AddHealthChecks();
 
 // Enable source generated JSON serialization
-// https://learn.microsoft.com/en-us/dotnet/standard/serialization/system-text-json/source-generation#source-generation-support-in-aspnet-core
+// https://learn.microsoft.com/dotnet/standard/serialization/system-text-json/source-generation#source-generation-support-in-aspnet-core
 builder.Services.AddControllers().AddJsonOptions(options =>
     options.JsonSerializerOptions.TypeInfoResolverChain.Add(SampleAppJsonSerializerContext.Default));
 
@@ -54,7 +54,7 @@
 app.Run();
 
 // Enable source generated JSON serialization
-// https://learn.microsoft.com/en-us/dotnet/standard/serialization/system-text-json/source-generation#source-generation-support-in-aspnet-core
+// https://learn.microsoft.com/dotnet/standard/serialization/system-text-json/source-generation#source-generation-support-in-aspnet-core
 [JsonSerializable(typeof(EnvironmentInfo))]
 [JsonSerializable(typeof(Operation))]
 internal partial class SampleAppJsonSerializerContext : JsonSerializerContext { }
@@ -65,7 +65,7 @@ These instructions assume that you have cloned the repository locally, and that
 
 This scenario relies on [volume mounting](https://docs.docker.com/engine/admin/volumes/volumes/) (that's the `-v` argument) to make source available within the container (to build it). You may need to enable [shared drives (Windows)](https://docs.docker.com/docker-for-windows/#shared-drives) or [file sharing (macOS)](https://docs.docker.com/docker-for-mac/#file-sharing) first.
 
-`dotnet publish` (and `build`) produces native executables for applications. If you use a Linux container, you will build a Linux executable that will not run on Windows or macOS. You can use a [runtime argument](https://docs.microsoft.com/en-us/dotnet/core/rid-catalog) (`-r`) to specify the type of assets that you want to publish (if they don't match the SDK container). The following examples assume you want assets that match your host operating system, and use runtime arguments to ensure that.
+`dotnet publish` (and `build`) produces native executables for applications. If you use a Linux container, you will build a Linux executable that will not run on Windows or macOS. You can use a [runtime argument](https://docs.microsoft.com/dotnet/core/rid-catalog) (`-r`) to specify the type of assets that you want to publish (if they don't match the SDK container). The following examples assume you want assets that match your host operating system, and use runtime arguments to ensure that.
 
 ### Pull SDK image
 
@@ -137,7 +137,7 @@ docker run --rm -v ${pwd}:c:\app -w c:\app mcr.microsoft.com/dotnet/sdk:9.0-nano
 ```
 
 > [!WARNING]
-> From .NET 8 onwards, [.NET multi-platform images are Linux-only](https://learn.microsoft.com/en-us/dotnet/core/compatibility/containers/8.0/multi-platform-tags).
+> From .NET 8 onwards, [.NET multi-platform images are Linux-only](https://learn.microsoft.com/dotnet/core/compatibility/containers/8.0/multi-platform-tags).
 > This means Windows containers must all be referenced by a full tag name including the specific Windows version.
 
 You can see the built binaries with the following command:

@@ -2,7 +2,7 @@
 
 You can deploy ASP.NET Core applications to Azure Container Instances (ACI) with Docker. ACI is a great option for application testing and can also be used for production deployment (not covered here). These instructions are based on the [ASP.NET Core Docker Sample](README.md).
 
-These instructions work for both Linux and Windows based images.  Be aware that ACI does not support all versions of Windows images.  See [What Windows base OS images are supported](https://docs.microsoft.com/en-us/azure/container-instances/container-instances-faq#what-windows-base-os-images-are-supported) for details.
+These instructions work for both Linux and Windows based images.  Be aware that ACI does not support all versions of Windows images.  See [What Windows base OS images are supported](https://docs.microsoft.com/azure/container-instances/container-instances-faq#what-windows-base-os-images-are-supported) for details.
 
 ## Build Application