Bump Asp.Versioning.Mvc and 38 others

[dependabot]

Updated Asp.Versioning.Mvc from 8.1.1 to 10.0.0.

Release notes

Sourced from Asp.Versioning.Mvc's releases.

10.0.0

The official release for 10.0 is here! In addition to the changes in the preview releases, there are a few additional changes.

Features

All Platforms

• ApiVersionAttribute, MapToVersionAttribute, and AdvertiseApiVersionsAttribute all now have a constructor which can support the date format without being a string; for example, [ApiVersion(2026, 04, 01)]

ASP.NET Core OpenAPI

• XmlCommentsTransformer is now resolved via DI, which allows it to be re-registered with a user-defined file path
• Public types and members are now virtual for developer extensibility

Fixes

ASP.NET Core OpenAPI

• Fix comparison between entry and calling assembly (#​1175)
• Ensure keyed services are registered with a lowercase key (#​1176)
• Fix nested key service resolution (#​1177)
• Implement IKeyedServiceProvider when injecting ApiVersion (#​1178)

Breaking Changes

ASP.NET Core OpenAPI

• OpenAPI documents use "enum": ["1.0"] instead of "default": "1.0"
  • This has a similar effect, but removes the free-form input when the value is bounded
  • When optional, the enum value can still be deleted/removed
  • Some UIs, such as Scalar, still provide a way to provide an enumerated value that isn't in the list

Release Notes

• Asp.Versioning.OData is being released as rc.1 because Microsoft.AspNetCore.OData is only at preview.2
• Asp.Versioning.OpenAPI is being released as rc.1 pending the outcome of dotnet/aspnetcore#​66408
  • If the package can be released without requiring the explicit use of Reflection, that is the preference
  • No additional changes are planned unless bugs are reported

Feedback

Thanks to the contributors on this release whether it was code contributions or test driving the previews. Special thanks to @​sander1095 for being a strong advocate and helping to bring even more visibility to the project.

10.0.0-preview.2

This release is a quick iteration which contains minor fixes based on feedback from Preview 1.

Trying out previews is always a big ask. The OpenAPI extensions are net new, so I really am looking for some community support to flush out any edge cases I may have been missed before releasing officially. All other libraries are stable.

Aside from whatever the community may report, there are only two final things I'm considering for the final release:

1. gRPC versioning support, which I'm waiting on grpc/grpc-dotnet#​2690 and grpc/grpc-dotnet#​2693
2. Coordination with Microsoft to open up types in Microsoft.AspNetCore.OpenAPI so I don't have to resort to Reflection for integration

If these are not able to be completed within the next few weeks, then I will officially release the stable libraries. The gRPC support will then come in a future, likely minor version, release. The OpenAPI extensions may stay in preview as AOT will likely be broken.

Features

All Platforms

• Support _ prefix character when extracting API versions from a .NET namespace (#​1172)
• Generate software bill of materials (SBOM) (#​1100)

Fixes

ASP.NET Core with OpenAPI

• Build-time OpenAPI documents have empty paths (#​1165, #​1168)
• Missing XML Comments (#​1169)
• Support <example> tags (#​1170)

Breaking Changes

The OpenAPI extensions for API Versioning (e.g. x-api-versioning) will now use a nested links property rather than a simple array. This allows the schema to be open for possible future enhancements.

Preview 1

{
    "x-api-versioning":
    [
        {
            "title": "Version Policy",
            "type": "text/html",
            "rel": "info",
            "url": "http://my.api.com/policies/versioning.html"
        }
    ]
}

Preview 2+

{
 ... (truncated)

## 10.0.0-preview.1

This is a major release that includes new, publicly visible API changes as well as a rollup of bug fixes. This is an initial preview release that is primarily focused on improving OpenAPI integration. Additional features will come in the next preview. The wiki has not be fully updated - yet, but that will also occur in the near future.

These are preview features and changes. Please report issues if you find them. Feel free to start a [discussion](../../discussions) about the changes in the forthcoming official release.

# Features

## All Platforms

- Support for the `deprecation` response header as defined by [RFC 9745](https://www.rfc-editor.org/rfc/rfc9745.html) (#​1128)

## ASP.NET Core

- Integration with the [Microsoft.AspNetCore.OpenApi](https://www.nuget.org/packages/Microsoft.AspNetCore.OpenApi) library
  - These features in the new [Asp.Versioning.OpenApi](https://www.nuget.org/packages/Asp.Versioning.OpenApi) library
  - OpenAPI documents are now generated per API version
  - Sunset and deprecation policies are automatically included with standard (English) text, but can be customized
  - Sunset and deprecation policies links are included in OpenAPI documents via the `x-api-versioning` extension
  - The versioned `HttpClient` can now read and report on sunset and deprecation policies
  - All [example projects](../../tree/main/examples/AspNetCore) have been updated to use [Scalar](https://scalar.com/)

### Example

The following provides an example of a bare minimum setup:

```c#
var builder = WebApplication.CreateBuilder( args );
var services = builder.Services;

services.AddApiVersioning()
        .AddApiExplorer()
        .AddOpenApi();

var app = builder.Build();
var hello = app.NewVersionedApi( "HelloWorld" );
var v1 = hello.MapGroup( "/hello-world" ).HasApiVersion( 1.0 );
var v2 = hello.MapGroup( "/hello-world" ).HasApiVersion( 2.0 );

v1.MapGet( "/", ( ApiVersion version ) => $"Hello world from v{version}" );
v2.MapGet( "/", ( ApiVersion version ) => $"Hello world from v{version}" );

if ( app.Environment.IsDevelopment() )
{
    app.MapOpenApi().WithDocumentPerVersion();
}

app.Run();

The key differences from what you may be currently doing:

... (truncated)

Commits viewable in compare view.

Updated Asp.Versioning.Mvc.ApiExplorer from 8.1.1 to 10.0.0.

Release notes

Sourced from Asp.Versioning.Mvc.ApiExplorer's releases.

10.0.0

The official release for 10.0 is here! In addition to the changes in the preview releases, there are a few additional changes.

Features

All Platforms

• ApiVersionAttribute, MapToVersionAttribute, and AdvertiseApiVersionsAttribute all now have a constructor which can support the date format without being a string; for example, [ApiVersion(2026, 04, 01)]

ASP.NET Core OpenAPI

• XmlCommentsTransformer is now resolved via DI, which allows it to be re-registered with a user-defined file path
• Public types and members are now virtual for developer extensibility

Fixes

ASP.NET Core OpenAPI

• Fix comparison between entry and calling assembly (#​1175)
• Ensure keyed services are registered with a lowercase key (#​1176)
• Fix nested key service resolution (#​1177)
• Implement IKeyedServiceProvider when injecting ApiVersion (#​1178)

Breaking Changes

ASP.NET Core OpenAPI

• OpenAPI documents use "enum": ["1.0"] instead of "default": "1.0"
  • This has a similar effect, but removes the free-form input when the value is bounded
  • When optional, the enum value can still be deleted/removed
  • Some UIs, such as Scalar, still provide a way to provide an enumerated value that isn't in the list

Release Notes

• Asp.Versioning.OData is being released as rc.1 because Microsoft.AspNetCore.OData is only at preview.2
• Asp.Versioning.OpenAPI is being released as rc.1 pending the outcome of dotnet/aspnetcore#​66408
  • If the package can be released without requiring the explicit use of Reflection, that is the preference
  • No additional changes are planned unless bugs are reported

Feedback

Thanks to the contributors on this release whether it was code contributions or test driving the previews. Special thanks to @​sander1095 for being a strong advocate and helping to bring even more visibility to the project.

10.0.0-preview.2

This release is a quick iteration which contains minor fixes based on feedback from Preview 1.

Trying out previews is always a big ask. The OpenAPI extensions are net new, so I really am looking for some community support to flush out any edge cases I may have been missed before releasing officially. All other libraries are stable.

Aside from whatever the community may report, there are only two final things I'm considering for the final release:

1. gRPC versioning support, which I'm waiting on grpc/grpc-dotnet#​2690 and grpc/grpc-dotnet#​2693
2. Coordination with Microsoft to open up types in Microsoft.AspNetCore.OpenAPI so I don't have to resort to Reflection for integration

If these are not able to be completed within the next few weeks, then I will officially release the stable libraries. The gRPC support will then come in a future, likely minor version, release. The OpenAPI extensions may stay in preview as AOT will likely be broken.

Features

All Platforms

• Support _ prefix character when extracting API versions from a .NET namespace (#​1172)
• Generate software bill of materials (SBOM) (#​1100)

Fixes

ASP.NET Core with OpenAPI

• Build-time OpenAPI documents have empty paths (#​1165, #​1168)
• Missing XML Comments (#​1169)
• Support <example> tags (#​1170)

Breaking Changes

The OpenAPI extensions for API Versioning (e.g. x-api-versioning) will now use a nested links property rather than a simple array. This allows the schema to be open for possible future enhancements.

Preview 1

{
    "x-api-versioning":
    [
        {
            "title": "Version Policy",
            "type": "text/html",
            "rel": "info",
            "url": "http://my.api.com/policies/versioning.html"
        }
    ]
}

Preview 2+

{
 ... (truncated)

## 10.0.0-preview.1

This is a major release that includes new, publicly visible API changes as well as a rollup of bug fixes. This is an initial preview release that is primarily focused on improving OpenAPI integration. Additional features will come in the next preview. The wiki has not be fully updated - yet, but that will also occur in the near future.

These are preview features and changes. Please report issues if you find them. Feel free to start a [discussion](../../discussions) about the changes in the forthcoming official release.

# Features

## All Platforms

- Support for the `deprecation` response header as defined by [RFC 9745](https://www.rfc-editor.org/rfc/rfc9745.html) (#​1128)

## ASP.NET Core

- Integration with the [Microsoft.AspNetCore.OpenApi](https://www.nuget.org/packages/Microsoft.AspNetCore.OpenApi) library
  - These features in the new [Asp.Versioning.OpenApi](https://www.nuget.org/packages/Asp.Versioning.OpenApi) library
  - OpenAPI documents are now generated per API version
  - Sunset and deprecation policies are automatically included with standard (English) text, but can be customized
  - Sunset and deprecation policies links are included in OpenAPI documents via the `x-api-versioning` extension
  - The versioned `HttpClient` can now read and report on sunset and deprecation policies
  - All [example projects](../../tree/main/examples/AspNetCore) have been updated to use [Scalar](https://scalar.com/)

### Example

The following provides an example of a bare minimum setup:

```c#
var builder = WebApplication.CreateBuilder( args );
var services = builder.Services;

services.AddApiVersioning()
        .AddApiExplorer()
        .AddOpenApi();

var app = builder.Build();
var hello = app.NewVersionedApi( "HelloWorld" );
var v1 = hello.MapGroup( "/hello-world" ).HasApiVersion( 1.0 );
var v2 = hello.MapGroup( "/hello-world" ).HasApiVersion( 2.0 );

v1.MapGet( "/", ( ApiVersion version ) => $"Hello world from v{version}" );
v2.MapGet( "/", ( ApiVersion version ) => $"Hello world from v{version}" );

if ( app.Environment.IsDevelopment() )
{
    app.MapOpenApi().WithDocumentPerVersion();
}

app.Run();

The key differences from what you may be currently doing:

... (truncated)

Commits viewable in compare view.

Pinned ErrorOr at 2.1.1.

Release notes

Sourced from ErrorOr's releases.

2.1.1

new Release with many new features:

• Some minor Fixes
• Support for .NET 8 was added
• Support for .NET 10 was added
• Added missing async versions of FailIf methods
• Added FailIf method overloads that allow to use value in error definition using Func<TValue, Error> error builder
• Added ElseDo and ElseDoAsync methods
• Added Else/ElseAsync overloads returning ErrorOr
• Added Else/ElseAsync overloads returning ErrorOr
• Added ToErrorOrAsync method
• Added missing ErrorOrFactory.From methods
• Added missing collection expression support
• Added FromAsync and missing ToErrorOrAsync methods
• Added ThenEnsure and ThenEnsureAsync methods
• Added IsSuccess property to ErrorOr

Commits viewable in compare view.

Updated HotChocolate.AspNetCore from 15.1.12 to 16.0.9.

Release notes

Sourced from HotChocolate.AspNetCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated HotChocolate.AspNetCore.Authorization from 15.1.12 to 16.0.9.

Release notes

Sourced from HotChocolate.AspNetCore.Authorization's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated HotChocolate.Data.EntityFramework from 15.1.12 to 16.0.9.

Release notes

Sourced from HotChocolate.Data.EntityFramework's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated HotChocolate.Diagnostics from 15.1.12 to 16.0.9.

Release notes

Sourced from HotChocolate.Diagnostics's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Keycloak.AuthServices.Authentication from 2.8.0 to 3.0.0.

Release notes

Sourced from Keycloak.AuthServices.Authentication's releases.

3.0.0

• feat(aspire): external DB support, issuer pinning, version bumps by @​NikiforovAll (#​253)
• [KeyBot] fix: propagate RequestAborted in UmaAuthorizationMiddlewareResultHandler by @​github-actions (#​250)
• [KeyBot] fix: propagate CancellationToken in UmaTokenHandler.CloneRequestAsync by @​github-actions (#​252)
• [KeyBot] fix: propagate HttpContext.RequestAborted in authorization handlers by @​github-actions (#​249)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

3.0.0-rc.1

• feat: UMA Support by @​NikiforovAll (#​248)
• feat!: 3.0.0 release preparation by @​NikiforovAll (#​247)

👨🏼‍💻 Contributors

@​NikiforovAll

2.10.0-rc.1

• [KeyBot] perf: avoid HashSet allocation in role requirement handlers by @​github-actions (#​221)
• [KeyBot] docs: improve XML documentation in PoliciesBuilderExtensions and KeycloakAuthorizationServerOptions by @​github-actions (#​237)
• feat(authorization): add Audience override for per-resource UMA ticket exchange by @​NikiforovAll (#​246)
• [KeyBot] eng: add startup validators for Keycloak SDK client options by @​github-actions (#​239)
• feat: add client_secret_jwt sample by @​NikiforovAll (#​245)
• [KeyBot] test: add WebAppAuthenticationRegistrationTests for OIDC/Cookie options by @​github-actions (#​240)
• fix: add support cookie-based Web App token retrieval (#​104) by @​github-actions (#​223)
• chore(docs): update dependencies to fix security vulnerabilities by @​NikiforovAll (#​231)
• [KeyBot] fix: correct nameof() in requirement handler log messages and add missing XML docs by @​github-actions (#​228)
• fix(keybot): use correct template variables in status messages by @​NikiforovAll (#​222)
• fix(keybot): use explicit --repo flag in pre-step gh commands by @​NikiforovAll (#​219)
• Add agentic workflow repo-assist by @​NikiforovAll (#​217)

🚀 New Features

• [KeyBot] feat: add AdditionalAudiences to KeycloakAuthenticationOptions by @​github-actions (#​235)

🐛 Bug Fixes

• [KeyBot] fix: handle non-JSON error bodies in EnsureResponseAsync by @​github-actions (#​244)
• [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
• [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)

🧰 Maintenance

• [KeyBot] perf: single-pass org claims scan and avoid ToArray in VerificationPlan by @​github-actions (#​238)
• [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
• [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)
• [KeyBot] refactor: improve VerificationPlan enumerator and clear logic by @​github-actions (#​226)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

2.9.0

• docs: update keycloak-auth-services skill with missing features by @​NikiforovAll (#​215)
• chore: update template packages for 2.9.0 release by @​NikiforovAll (#​214)
• feat: add IKeycloakAccessTokenProvider for dynamic token overriding by @​NikiforovAll (#​213)
• feat: add token introspection for lightweight access tokens by @​NikiforovAll (#​210)
• feat: support OAuth 2.0 Server Metadata discovery (RFC 8414) by @​NikiforovAll (#​212)
• feat: add IProtectedResourcePolicyBuilder for extensible policy construction by @​NikiforovAll (#​209)
• feat: allow configurable claim type for organization membership parsing by @​NikiforovAll (#​208)
• feat: add organization-based authorization support by @​NikiforovAll (#​207)
• feat: add pluggable parameter resolution for protected resource authorization by @​NikiforovAll (#​205)
• chore: update dependencies by @​NikiforovAll (#​203)
• docs: revive docs-reference submodule with updated API reference by @​NikiforovAll (#​202)

👨🏼‍💻 Contributors

@​NikiforovAll

2.8.1

• chore: update Kiota client to Keycloak 26.5.6 by @​NikiforovAll (#​194)

👨🏼‍💻 Contributors

@​NikiforovAll

Commits viewable in compare view.

Updated Keycloak.AuthServices.Authorization from 2.8.0 to 3.0.0.

Release notes

Sourced from Keycloak.AuthServices.Authorization's releases.

3.0.0

• feat(aspire): external DB support, issuer pinning, version bumps by @​NikiforovAll (#​253)
• [KeyBot] fix: propagate RequestAborted in UmaAuthorizationMiddlewareResultHandler by @​github-actions (#​250)
• [KeyBot] fix: propagate CancellationToken in UmaTokenHandler.CloneRequestAsync by @​github-actions (#​252)
• [KeyBot] fix: propagate HttpContext.RequestAborted in authorization handlers by @​github-actions (#​249)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

3.0.0-rc.1

• feat: UMA Support by @​NikiforovAll (#​248)
• feat!: 3.0.0 release preparation by @​NikiforovAll (#​247)

👨🏼‍💻 Contributors

@​NikiforovAll

2.10.0-rc.1

• [KeyBot] perf: avoid HashSet allocation in role requirement handlers by @​github-actions (#​221)
• [KeyBot] docs: improve XML documentation in PoliciesBuilderExtensions and KeycloakAuthorizationServerOptions by @​github-actions (#​237)
• feat(authorization): add Audience override for per-resource UMA ticket exchange by @​NikiforovAll (#​246)
• [KeyBot] eng: add startup validators for Keycloak SDK client options by @​github-actions (#​239)
• feat: add client_secret_jwt sample by @​NikiforovAll (#​245)
• [KeyBot] test: add WebAppAuthenticationRegistrationTests for OIDC/Cookie options by @​github-actions (#​240)
• fix: add support cookie-based Web App token retrieval (#​104) by @​github-actions (#​223)
• chore(docs): update dependencies to fix security vulnerabilities by @​NikiforovAll (#​231)
• [KeyBot] fix: correct nameof() in requirement handler log messages and add missing XML docs by @​github-actions (#​228)
• fix(keybot): use correct template variables in status messages by @​NikiforovAll (#​222)
• fix(keybot): use explicit --repo flag in pre-step gh commands by @​NikiforovAll (#​219)
• Add agentic workflow repo-assist by @​NikiforovAll (#​217)

🚀 New Features

• [KeyBot] feat: add AdditionalAudiences to KeycloakAuthenticationOptions by @​github-actions (#​235)

🐛 Bug Fixes

• [KeyBot] fix: handle non-JSON error bodies in EnsureResponseAsync by @​github-actions (#​244)
• [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
• [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)

🧰 Maintenance

• [KeyBot] perf: single-pass org claims scan and avoid ToArray in VerificationPlan by @​github-actions (#​238)
• [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
• [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)
• [KeyBot] refactor: improve VerificationPlan enumerator and clear logic by @​github-actions (#​226)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

2.9.0

• docs: update keycloak-auth-services skill with missing features by @​NikiforovAll (#​215)
• chore: update template packages for 2.9.0 release by @​NikiforovAll (#​214)
• feat: add IKeycloakAccessTokenProvider for dynamic token overriding by @​NikiforovAll (#​213)
• feat: add token introspection for lightweight access tokens by @​NikiforovAll (#​210)
• feat: support OAuth 2.0 Server Metadata discovery (RFC 8414) by @​NikiforovAll (#​212)
• feat: add IProtectedResourcePolicyBuilder for extensible policy construction by @​NikiforovAll (#​209)
• feat: allow configurable claim type for organization membership parsing by @​NikiforovAll (#​208)
• feat: add organization-based authorization support by @​NikiforovAll (#​207)
• feat: add pluggable parameter resolution for protected resource authorization by @​NikiforovAll (#​205)
• chore: update dependencies by @​NikiforovAll (#​203)
• docs: revive docs-reference submodule with updated API reference by @​NikiforovAll (#​202)

👨🏼‍💻 Contributors

@​NikiforovAll

2.8.1

• chore: update Kiota client to Keycloak 26.5.6 by @​NikiforovAll (#​194)

👨🏼‍💻 Contributors

@​NikiforovAll

Commits viewable in compare view.

Pinned Keycloak.AuthServices.Sdk at 3.0.0.

Release notes

Sourced from Keycloak.AuthServices.Sdk's releases.

3.0.0

• feat(aspire): external DB support, issuer pinning, version bumps by @​NikiforovAll (#​253)
• [KeyBot] fix: propagate RequestAborted in UmaAuthorizationMiddlewareResultHandler by @​github-actions (#​250)
• [KeyBot] fix: propagate CancellationToken in UmaTokenHandler.CloneRequestAsync by @​github-actions (#​252)
• [KeyBot] fix: propagate HttpContext.RequestAborted in authorization handlers by @​github-actions (#​249)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

3.0.0-rc.1

• feat: UMA Support by @​NikiforovAll (#​248)
• feat!: 3.0.0 release preparation by @​NikiforovAll (#​247)

👨🏼‍💻 Contributors

@​NikiforovAll

2.10.0-rc.1

• [KeyBot] perf: avoid HashSet allocation in role requirement handlers by @​github-actions (#​221)
• [KeyBot] docs: improve XML documentation in PoliciesBuilderExtensions and KeycloakAuthorizationServerOptions by @​github-actions (#​237)
• feat(authorization): add Audience override for per-resource UMA ticket exchange by @​NikiforovAll (#​246)
• [KeyBot] eng: add startup validators for Keycloak SDK client options by @​github-actions (#​239)
• feat: add client_secret_jwt sample by @​NikiforovAll (#​245)
• [KeyBot] test: add WebAppAuthenticationRegistrationTests for OIDC/Cookie options by @​github-actions (#​240)
• fix: add support cookie-based Web App token retrieval (#​104) by @​github-actions (#​223)
• chore(docs): update dependencies to fix security vulnerabilities by @​NikiforovAll (#​231)
• [KeyBot] fix: correct nameof() in requirement handler log messages and add missing XML docs by @​github-actions (#​228)
• fix(keybot): use correct template variables in status messages by @​NikiforovAll (#​222)
• fix(keybot): use explicit --repo flag in pre-step gh commands by @​NikiforovAll (#​219)
• Add agentic workflow repo-assist by @​NikiforovAll (#​217)

🚀 New Features

• [KeyBot] feat: add AdditionalAudiences to KeycloakAuthenticationOptions by @​github-actions (#​235)

🐛 Bug Fixes

• [KeyBot] fix: handle non-JSON error bodies in EnsureResponseAsync by @​github-actions (#​244)
• [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
• [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)

🧰 Maintenance

• [KeyBot] perf: single-pass org claims scan and avoid ToArray in VerificationPlan by @​github-actions (#​238)
• [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
• [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)
• [KeyBot] refactor: improve VerificationPlan enumerator and clear logic by @​github-actions (#​226)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

2.9.0

• docs: update keycloak-auth-services skill with missing features by @​NikiforovAll (#​215)
• chore: update template packages for 2.9.0 release by @​NikiforovAll (#​214)
• feat: add IKeycloakAccessTokenProvider for dynamic token overriding by @​NikiforovAll (#​213)
• feat: add token introspection for lightweight access tokens by @​NikiforovAll (#​210)
• feat: support OAuth 2.0 Server Metadata discovery (RFC 8414) by @​NikiforovAll (#​212)
• feat: add IProtectedResourcePolicyBuilder for extensible policy construction by @​NikiforovAll (#​209)
• feat: allow configurable claim type for organization membership parsing by @​NikiforovAll (#​208)
• feat: add organization-based authorization support by @​NikiforovAll (#​207)
• feat: add pluggable parameter resolution for protected resource authorization by @​NikiforovAll (#​205)
• chore: update dependencies by @​NikiforovAll (#​203)
• docs: revive docs-reference submodule with updated API reference by @​NikiforovAll (#​202)

👨🏼‍💻 Contributors

@​NikiforovAll

2.8.1

• chore: update Kiota client to Keycloak 26.5.6 by @​NikiforovAll (#​194)

👨🏼‍💻 Contributors

@​NikiforovAll

Commits viewable in compare view.

Pinned MailKit at 4.16.0.

Release notes

Sourced from MailKit's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.OpenIdConnect from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.OpenIdConnect's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.DataProtection.StackExchangeRedis from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.DataProtection.StackExchangeRedis's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OutputCaching.StackExchangeRedis from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.OutputCaching.StackExchangeRedis's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Design from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Design's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.InMemory from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.EntityFrameworkCore.InMemory's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Caching.StackExchangeRedis from 10.0.5 to 10.0.8.

Release notes

Sourced from Microsoft.Extensions.Caching.StackExchangeRedis's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Compliance.Redaction from 10.4.0 to 10.6.0.

Release notes

Sourced from Microsoft.Extensions.Compliance.Redaction's releases.

10.6.0

Version 10.6.0 stabilizes the response continuation token and background-response APIs in Microsoft.Extensions.AI.Abstractions. Most other AI work for May shipped in 10.5.1; this monthly release rolls those changes up alongside dependency updates and a small Resource Monitoring cleanup.

Experimental API Changes

Now Stable

• ResponseContinuationToken and background-response APIs are now stable (previously MEAI001) #​7512

What's Changed

AI

• Stabilize ResponseContinuationToken / background-response APIs #​7512 by @​jozkee (co-authored by @​Copilot)

Repository Infrastructure Updates

• Update version to 10.6.0 #​7458 by @​jeffhandley
• [main] Update dependencies from dotnet/arcade #​7451
• Bump follow-redirects from 1.15.11 to 1.16.0 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport #​7469
• Merge release/10.5 into main #​7470 by @​jeffhandley
• Bump microsoft.visualstudio.slngen.tool from 12.0.13 to 12.0.32 #​7484
• Bump postcss from 8.5.9 to 8.5.12 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7494
• Bump dotnet-reportgenerator-globaltool from 5.5.7 to 5.5.9 #​7504
• Rename release-notes skill to write-release-notes #​7511 by @​jeffhandley (co-authored by @​Copilot)

Acknowledgements

• @​wtgodbe @​tarekgh @​peterwald @​JeremyLikness @​eiriktsarpalis @​ericstj @​evgenyfedorov2 reviewed pull requests

Full Changelog: dotnet/extensions@v10.5.2...v10.6.0

10.5.2

This patch release ships a single fix to Microsoft.Extensions.VectorData.Abstractions, correcting StorageName resolution when external serialization is enabled. Microsoft.Extensions.VectorData.ConformanceTests, Microsoft.Extensions.AI.Abstractions, Microsoft.Extensions.AI, and Microsoft.Extensions.AI.OpenAI are published alongside it for version coherency — they contain no code changes from 10.5.1.

Packages in this release

Package	Version
Microsoft.Extensions.VectorData.Abstractions	10.5.2
Microsoft.Extensions.VectorData.ConformanceTests	10.5.2
Microsoft.Extensions.AI.Abstractions	10.5.2
Microsoft.Extensions.AI	10.5.2
Microsoft.Extensions.AI.OpenAI	10.5.2

What's Changed

Microsoft.Extensions.VectorData.Abstractions

• Minor fixes to MEVD.Abstractions: correct StorageName behavior when external serialization is enabled, and disable a warning for net462. (by @​roji in #​7475)

Full Changelog: dotnet/extensions@v10.5.1...v10.5.2

10.5.1

Version 10.5.1 of the Microsoft.Extensions.AI packages stabilizes CodeInterpreter, WebSearch, and ImageGeneration tool content types. The release adds new experimental tool search and OpenAI request policy hooks. And the OpenTelemetry gen-ai semantic conventions are updated to align with v1.41.

The 'aiagent-webapi' project template in Microsoft.Agents.AI.ProjectTemplates is updated to align with v1.3.0 of Agent Framework, updating the OpenTelemetry dependencies within the template projects as well.

Packages in this release

Package	Version
Microsoft.Extensions.AI	10.5.1
Microsoft.Extensions.AI.Abstractions	10.5.1
Microsoft.Extensions.AI.OpenAI	10.5.1
Microsoft.Extensions.AI.Templates	10.5.1-preview.3.26251.3
Microsoft.Agents.AI.ProjectTemplates	1.3.0-preview.1.26251.3

Experimental API Changes

Now Stable

The following types previously emitted the MEAI001 experimental diagnostic and are now stable.

• CodeInterpreter and WebSearch tool content types are now stable #​7493
  • CodeInterpreterToolCallContent
  • CodeInterpreterToolResultContent
  • WebSearchToolCallContent
  • WebSearchToolResultContent
• ImageGeneration tool content types and tool are now stable #​7476
  • ImageGenerationToolCallContent
  • ImageGenerationToolResultContent
  • HostedImageGenerationTool
  • ImageGenerationOptions
  • ImageGenerationResponseFormat (the Hosted enum value remains experimental)
  • IImageGenerator and the rest of the image generation infrastructure also remain experimental

New Experimental APIs

The following new APIs emit the MEAI001 experimental diagnostic.

• New experimental API: HostedToolSearchTool with DeferredTools for tool-search-driven deferred tool loading #​7471
• New experimental API: OpenAIRequestPolicies extension hook for appending System.ClientModel.PipelinePolicy instances to outgoing OpenAI requests #​7495

Breaking Changes to Experimental APIs

• WebSearchToolResultContent.Results was renamed to Outputs as part of the stabilization in #​7493, aligning with CodeInterpreterToolResultContent.Outputs. The original Results property was included in version 10.4.0 and 10.5.0; this is a binary breaking change and consumers need to update to consume the updated property.

  WebSearchToolResultContent content = ...;
  - IList<AIContent>? items = content.Results;
  + IList<AIContent>? items = content.Outputs;

... (truncated)

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

1. Rename VectorStoreVectorAttribute constructor parameter #​7460
   • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
   • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

• HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

• Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
• Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
• Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
• Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
• Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
• Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
• Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

• Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
• Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

• Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
• Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

• Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

• Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

• Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package	Version
Microsoft.Extensions.AI.Abstractions	10.4.1
Microsoft.Extensions.AI	10.4.1
Microsoft.Extensions.AI.OpenAI	10.4.1

Experimental API Changes

New Experimental APIs

• New experimental API: Realtime Client Sessions #​7285 and #​7399
• New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

• Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

• Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
• Realtime Client Proposal #​7285 by @​tarekgh
• Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
• Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
• Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
• Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
• Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

• Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

• Fix test warnings #​7369 by @​jozkee
• Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

• Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
• Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

• @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
  ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Resilience from 10.4.0 to 10.6.0.

Release notes

Sourced from Microsoft.Extensions.Http.Resilience's releases.

10.6.0

Version 10.6.0 stabilizes the response continuation token and background-response APIs in Microsoft.Extensions.AI.Abstractions. Most other AI work for May shipped in 10.5.1; this monthly release rolls those changes up alongside dependency updates and a small Resource Monitoring cleanup.

Experimental API Changes

Now Stable

• ResponseContinuationToken and background-response APIs are now stable (previously MEAI001) #​7512

What's Changed

AI

• Stabilize ResponseContinuationToken / background-response APIs #​7512 by @​jozkee (co-authored by @​Copilot)

Repository Infrastructure Updates

• Update version to 10.6.0 #​7458 by @​jeffhandley
• [main] Update dependencies from dotnet/arcade #​7451
• Bump follow-redirects from 1.15.11 to 1.16.0 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport #​7469
• Merge release/10.5 into main #​7470 by @​jeffhandley
• Bump microsoft.visualstudio.slngen.tool from 12.0.13 to 12.0.32 #​7484
• Bump postcss from 8.5.9 to 8.5.12 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7494
• Bump dotnet-reportgenerator-globaltool from 5.5.7 to 5.5.9 #​7504
• Rename release-notes skill to write-release-notes #​7511 by @​jeffhandley (co-authored by @​Copilot)

Acknowledgements

• @​wtgodbe @​tarekgh @​peterwald @​JeremyLikness @​eiriktsarpalis @​ericstj @​evgenyfedorov2 reviewed pull requests

Full Changelog: dotnet/extensions@v10.5.2...v10.6.0

10.5.2

This patch release ships a single fix to Microsoft.Extensions.VectorData.Abstractions, correcting StorageName resolution when external serialization is enabled. Microsoft.Extensions.VectorData.ConformanceTests, Microsoft.Extensions.AI.Abstractions, Microsoft.Extensions.AI, and Microsoft.Extensions.AI.OpenAI are published alongside it for version coherency — they contain no code changes from 10.5.1.

Packages in this release

Package	Version
Microsoft.Extensions.VectorData.Abstractions	10.5.2
Microsoft.Extensions.VectorData.ConformanceTests	10.5.2
Microsoft.Extensions.AI.Abstractions	10.5.2
Microsoft.Extensions.AI	10.5.2
Microsoft.Extensions.AI.OpenAI	10.5.2

What's Changed

Microsoft.Extensions.VectorData.Abstractions

• Minor fixes to MEVD.Abstractions: correct StorageName behavior when external serialization is enabled, and disable a warning for net462. (by @​roji in #​7475)

Full Changelog: dotnet/extensions@v10.5.1...v10.5.2

10.5.1

Version 10.5.1 of the Microsoft.Extensions.AI packages stabilizes CodeInterpreter, WebSearch, and ImageGeneration tool content types. The release adds new experimental tool search and OpenAI request policy hooks. And the OpenTelemetry gen-ai semantic conventions are updated to align with v1.41.

The 'aiagent-webapi' project template in Microsoft.Agents.AI.ProjectTemplates is updated to align with v1.3.0 of Agent Framework, updating the OpenTelemetry dependencies within the template projects as well.

Packages in this release

Package	Version
Microsoft.Extensions.AI	10.5.1
Microsoft.Extensions.AI.Abstractions	10.5.1
Microsoft.Extensions.AI.OpenAI	10.5.1
Microsoft.Extensions.AI.Templates	10.5.1-preview.3.26251.3
Microsoft.Agents.AI.ProjectTemplates	1.3.0-preview.1.26251.3

Experimental API Changes

Now Stable

The following types previously emitted the MEAI001 experimental diagnostic and are now stable.

• CodeInterpreter and WebSearch tool content types are now stable #​7493
  • CodeInterpreterToolCallContent
  • CodeInterpreterToolResultContent
  • WebSearchToolCallContent
  • WebSearchToolResultContent
• ImageGeneration tool content types and tool are now stable #​7476
  • ImageGenerationToolCallContent
  • ImageGenerationToolResultContent
  • HostedImageGenerationTool
  • ImageGenerationOptions
  • ImageGenerationResponseFormat (the Hosted enum value remains experimental)
  • IImageGenerator and the rest of the image generation infrastructure also remain experimental

New Experimental APIs

The following new APIs emit the MEAI001 experimental diagnostic.

• New experimental API: HostedToolSearchTool with DeferredTools for tool-search-driven deferred tool loading #​7471
• New experimental API: OpenAIRequestPolicies extension hook for appending System.ClientModel.PipelinePolicy instances to outgoing OpenAI requests #​7495

Breaking Changes to Experimental APIs

• WebSearchToolResultContent.Results was renamed to Outputs as part of the stabilization in #​7493, aligning with CodeInterpreterToolResultContent.Outputs. The original Results property was included in version 10.4.0 and 10.5.0; this is a binary breaking change and consumers need to update to consume the updated property.

  WebSearchToolResultContent content = ...;
  - IList<AIContent>? items = content.Results;
  + IList<AIContent>? items = content.Outputs;

... (truncated)

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

1. Rename VectorStoreVectorAttribute constructor parameter #​7460
   • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
   • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

• HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

• Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
• Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
• Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
• Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
• Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
• Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
• Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

• Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
• Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

• Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
• Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

• Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

• Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

• Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package	Version
Microsoft.Extensions.AI.Abstractions	10.4.1
Microsoft.Extensions.AI	10.4.1
Microsoft.Extensions.AI.OpenAI	10.4.1

Experimental API Changes

New Experimental APIs

• New experimental API: Realtime Client Sessions #​7285 and #​7399
• New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

• Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

• Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
• Realtime Client Proposal #​7285 by @​tarekgh
• Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
• Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
• Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
• Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
• Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

• Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

• Fix test warnings #​7369 by @​jozkee
• Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

• Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
• Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

• @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
  ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Extensions.Resilience from 10.4.0 to 10.6.0.

Release notes

Sourced from Microsoft.Extensions.Resilience's releases.

10.6.0

Version 10.6.0 stabilizes the response continuation token and background-response APIs in Microsoft.Extensions.AI.Abstractions. Most other AI work for May shipped in 10.5.1; this monthly release rolls those changes up alongside dependency updates and a small Resource Monitoring cleanup.

Experimental API Changes

Now Stable

• ResponseContinuationToken and background-response APIs are now stable (previously MEAI001) #​7512

What's Changed

AI

• Stabilize ResponseContinuationToken / background-response APIs #​7512 by @​jozkee (co-authored by @​Copilot)

Repository Infrastructure Updates

• Update version to 10.6.0 #​7458 by @​jeffhandley
• [main] Update dependencies from dotnet/arcade #​7451
• Bump follow-redirects from 1.15.11 to 1.16.0 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport #​7469
• Merge release/10.5 into main #​7470 by @​jeffhandley
• Bump microsoft.visualstudio.slngen.tool from 12.0.13 to 12.0.32 #​7484
• Bump postcss from 8.5.9 to 8.5.12 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7494
• Bump dotnet-reportgenerator-globaltool from 5.5.7 to 5.5.9 #​7504
• Rename release-notes skill to write-release-notes #​7511 by @​jeffhandley (co-authored by @​Copilot)

Acknowledgements

• @​wtgodbe @​tarekgh @​peterwald @​JeremyLikness @​eiriktsarpalis @​ericstj @​evgenyfedorov2 reviewed pull requests

Full Changelog: dotnet/extensions@v10.5.2...v10.6.0

10.5.2

This patch release ships a single fix to Microsoft.Extensions.VectorData.Abstractions, correcting StorageName resolution when external serialization is enabled. Microsoft.Extensions.VectorData.ConformanceTests, Microsoft.Extensions.AI.Abstractions, Microsoft.Extensions.AI, and Microsoft.Extensions.AI.OpenAI are published alongside it for version coherency — they contain no code changes from 10.5.1.

Packages in this release

Package	Version
Microsoft.Extensions.VectorData.Abstractions	10.5.2
Microsoft.Extensions.VectorData.ConformanceTests	10.5.2
Microsoft.Extensions.AI.Abstractions	10.5.2
Microsoft.Extensions.AI	10.5.2
Microsoft.Extensions.AI.OpenAI	10.5.2

What's Changed

Microsoft.Extensions.VectorData.Abstractions

• Minor fixes to MEVD.Abstractions: correct StorageName behavior when external serialization is enabled, and disable a warning for net462. (by @​roji in #​7475)

Full Changelog: dotnet/extensions@v10.5.1...v10.5.2

10.5.1

Version 10.5.1 of the Microsoft.Extensions.AI packages stabilizes CodeInterpreter, WebSearch, and ImageGeneration tool content types. The release adds new experimental tool search and OpenAI request policy hooks. And the OpenTelemetry gen-ai semantic conventions are updated to align with v1.41.

The 'aiagent-webapi' project template in Microsoft.Agents.AI.ProjectTemplates is updated to align with v1.3.0 of Agent Framework, updating the OpenTelemetry dependencies within the template projects as well.

Packages in this release

Package	Version
Microsoft.Extensions.AI	10.5.1
Microsoft.Extensions.AI.Abstractions	10.5.1
Microsoft.Extensions.AI.OpenAI	10.5.1
Microsoft.Extensions.AI.Templates	10.5.1-preview.3.26251.3
Microsoft.Agents.AI.ProjectTemplates	1.3.0-preview.1.26251.3

Experimental API Changes

Now Stable

The following types previously emitted the MEAI001 experimental diagnostic and are now stable.

• CodeInterpreter and WebSearch tool content types are now stable #​7493
  • CodeInterpreterToolCallContent
  • CodeInterpreterToolResultContent
  • WebSearchToolCallContent
  • WebSearchToolResultContent
• ImageGeneration tool content types and tool are now stable #​7476
  • ImageGenerationToolCallContent
  • ImageGenerationToolResultContent
  • HostedImageGenerationTool
  • ImageGenerationOptions
  • ImageGenerationResponseFormat (the Hosted enum value remains experimental)
  • IImageGenerator and the rest of the image generation infrastructure also remain experimental

New Experimental APIs

The following new APIs emit the MEAI001 experimental diagnostic.

• New experimental API: HostedToolSearchTool with DeferredTools for tool-search-driven deferred tool loading #​7471
• New experimental API: OpenAIRequestPolicies extension hook for appending System.ClientModel.PipelinePolicy instances to outgoing OpenAI requests #​7495

Breaking Changes to Experimental APIs

• WebSearchToolResultContent.Results was renamed to Outputs as part of the stabilization in #​7493, aligning with CodeInterpreterToolResultContent.Outputs. The original Results property was included in version 10.4.0 and 10.5.0; this is a binary breaking change and consumers need to update to consume the updated property.

  WebSearchToolResultContent content = ...;
  - IList<AIContent>? items = content.Results;
  + IList<AIContent>? items = content.Outputs;

... (truncated)

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

1. Rename VectorStoreVectorAttribute constructor parameter #​7460
   • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
   • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

• HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

• Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
• Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
• Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
• Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
• Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
• Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
• Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

• Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
• Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

• Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
• Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

• Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

• Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

• Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package	Version
Microsoft.Extensions.AI.Abstractions	10.4.1
Microsoft.Extensions.AI	10.4.1
Microsoft.Extensions.AI.OpenAI	10.4.1

Experimental API Changes

New Experimental APIs

• New experimental API: Realtime Client Sessions #​7285 and #​7399
• New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

• Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

• Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
• Realtime Client Proposal #​7285 by @​tarekgh
• Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
• Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
• Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
• Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
• Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

• Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

• Fix test warnings #​7369 by @​jozkee
• Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

• Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
• Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

• @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
  ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Extensions.Telemetry from 10.4.0 to 10.6.0.

Release notes

Sourced from Microsoft.Extensions.Telemetry's releases.

10.6.0

Version 10.6.0 stabilizes the response continuation token and background-response APIs in Microsoft.Extensions.AI.Abstractions. Most other AI ...

Description has been truncated

Dependabot will...

Description has been truncated

[dependabot]

Superseded by #135.