← Back to all briefings
Developer 5 min read Published Updated Credibility 89/100

Runtime Lifecycle Briefing — .NET 5 End of Support

.NET 5 reached end of support on 8 May 2022, compelling organisations to inventory affected workloads, migrate to .NET 6 or newer, update hosting environments, and document compliance with supported runtimes.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: Microsoft ended support for .NET 5 on 8 May 2022, concluding the 18-month lifecycle of the first unified .NET release. Security fixes, servicing updates, and technical support are no longer provided. Organisations must migrate applications, services, and build pipelines to supported long-term support (LTS) releases—.NET 6 (supported through November 2024) or newer—while ensuring dependencies, hosting environments, and compliance documentation reflect the updated runtime.

Operational priorities

Begin with a comprehensive inventory of .NET runtimes across environments. Use tools such as the dotnet --info command, Azure App Service diagnostics, or Windows Server inventory scripts to locate .NET 5 workloads in production, staging, and CI/CD infrastructure. Include container images (e.g., mcr.microsoft.com/dotnet/aspnet:5.0), serverless platforms (Azure Functions, AWS Lambda custom runtimes), desktop deployments, and third-party products embedding .NET 5 components. Categorise workloads by criticality to plan upgrade waves.

Upgrade application projects to target .NET 6 or newer. Update TargetFramework values in project files, adjust NuGet package references, and recompile. Microsoft’s upgrade assistant tool (upgrade-assistant) can help modernise codebases, migrating from .NET Framework or .NET Core to .NET 6, updating package references, and flagging API changes. Pay close attention to breaking changes documented in Microsoft’s release notes—such as ASP.NET Core’s minimal hosting model, default logging behaviour, and nullable reference types improvements—to ensure functionality remains intact.

Test dependencies for compatibility. Third-party libraries may have released new versions targeting .NET 6 LTS; update packages and run unit, integration, and performance tests. For Entity Framework Core, evaluate model snapshot migrations and connection resiliency improvements. If using gRPC, verify compatibility with updated HTTP/2 stacks and configure improved compression settings available in .NET 6. Update Dockerfiles to reference dotnet/sdk:6.0 and dotnet/aspnet:6.0, rebuilding base images and scanning for vulnerabilities.

Infrastructure and hosting

Update hosting environments to support .NET 6. For Windows Server with IIS, install the .NET 6 Hosting Bundle, ensuring that ASP.NET Core Module V2 is updated and that application pools use the correct runtime. On Linux, add Microsoft’s package repositories for .NET 6, update systemd services, and validate SELinux/AppArmor profiles. In Kubernetes, update base images, Helm charts, and configuration maps referencing .NET 5 environment variables. For Azure App Service, switch to the .NET 6 runtime stack and verify slot swap behaviour. Azure Functions v4 supports .NET 6 out of the box; migrate any custom handlers accordingly.

For container orchestration, pay attention to resource usage changes. .NET 6 introduces performance enhancements (dynamic profile-guided optimisation, thread pool improvements, minimal APIs) that may alter CPU and memory profiles. Recalibrate horizontal pod autoscaler thresholds and container resource limits after load testing. Incorporate health checks and startup probes aligned with .NET 6’s diagnostics features (EventCounters, dotnet-monitor).

Security and compliance

Unsupported software presents audit and regulatory risks. Update vulnerability management registers to flag .NET 5 assets, documenting remediation plans and due dates. For frameworks like PCI DSS, HIPAA, FedRAMP, or ISO/IEC 27001, demonstrate that systems rely on supported platforms with current security patches. If immediate migration is impossible, implement compensating controls (network segmentation, Web Application Firewalls, additional monitoring) and obtain temporary risk acceptances with defined sunset dates.

Review cryptographic configurations. .NET 6 aligns with current TLS standards, supports OpenSSL 3 on Linux, and enforces updated cipher suites. Validate that custom certificate handling, token signing, or FIPS mode configurations operate correctly. For identity integrations (Azure AD, OpenID Connect), ensure middleware packages (Microsoft.Identity.Web, IdentityServer) are updated, and confirm that redirect URIs and scopes remain valid post-upgrade.

Governance and programme management

Establish a migration programme with executive sponsorship. Present a heatmap of .NET 5 dependencies, expected effort, and risk levels to steering committees. Define workstreams for application remediation, infrastructure updates, testing, and documentation. Track progress via dashboards measuring percentage of services upgraded, open defects, and compliance exceptions. Include third-party vendor products in the scope—solicit statements of support and timelines for .NET 6-compatible releases, escalating through procurement if vendors lag.

Communicate with product owners and customers about potential feature freezes or maintenance windows. Align release schedules to avoid peak business periods, and prepare rollback plans in case regressions arise. For SaaS providers, update service status pages and release notes to reassure customers that platform upgrades deliver improved security and performance.

Sourcing considerations

Work with managed service providers and hosting partners to confirm support for .NET 6. Update statements of work to include responsibilities for runtime patching, monitoring, and emergency response. Evaluate whether platform engineering teams should provide golden images or internal developer platform templates featuring .NET 6 base images, automated dependency updates, and built-in observability (OpenTelemetry exporters, Prometheus metrics).

Assess licensing implications. While .NET itself is open source and free, associated tooling (Visual Studio, third-party controls) may require upgrades or new licences to access .NET 6-compatible versions. Budget for training developers on new features, such as C# 10 enhancements, hot reload, and minimal APIs.

Quality assurance and observability

Plan extensive testing cycles to validate performance and functionality on .NET 6. Execute automated regression suites, contract tests, and exploratory testing to uncover behavioural differences. Use load testing frameworks (Azure Load Testing, k6, JMeter) to compare throughput and latency profiles, adjusting performance baselines accordingly. Leverage .NET 6 diagnostics—EventPipe, counters, distributed tracing—to instrument applications and ensure telemetry integrates with observability platforms (Application Insights, Dynatrace, New Relic). Update alert thresholds to reflect new performance characteristics and reduce false positives during rollout.

Post-migration activities

After upgrading, decommission .NET 5 assets. Remove obsolete SDKs from build agents, uninstall runtime packs from servers, and delete container images from registries to prevent accidental redeployment. Update documentation, architecture diagrams, and CMDB entries to reflect the new runtime baseline. Configure patch management policies to monitor .NET 6 servicing updates (monthly security releases) and plan for future transitions to .NET 8 LTS (targeted for November 2023).

Capture lessons learned via retrospectives, focusing on dependency management, testing automation, and change control. Institutionalise a cadence for reviewing Microsoft’s support policies, ensuring future migrations commence well before end-of-support deadlines. Embed runtime lifecycle tracking into engineering OKRs or platform governance frameworks.

By proactively migrating from .NET 5 to supported LTS releases, organisations reduce exposure to unpatched vulnerabilities, improve performance, and align with Microsoft’s unified .NET roadmap.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Developer pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • .NET 5
  • Runtime lifecycle
  • End of support
Back to curated briefings