dotnet · CamSoper · May 12, 2025 · May 9, 2025 · May 9, 2025 · May 12, 2025
@@ -56,14 +56,15 @@ If you're migrating an app to .NET 10, the breaking changes listed here might af
 
 ## SDK and MSBuild
 
-| Title                                                                                                                | Type of change      | Introduced version |
-|----------------------------------------------------------------------------------------------------------------------|---------------------|--------------------|
-| [.NET CLI `--interactive` defaults to `true` in user scenarios](sdk/10.0/dotnet-cli-interactive.md)                  | Behavioral change   | Preview 3          |
-| [Default workload configuration from 'loose manifests' to 'workload sets' mode](sdk/10.0/default-workload-config.md) | Behavioral change   | Preview 2          |
-| [`dotnet restore` audits transitive packages](sdk/10.0/nugetaudit-transitive-packages.md)                            | Behavioral change   | Preview 3          |
-| [MSBUILDCUSTOMBUILDEVENTWARNING escape hatch removed](sdk/10.0/custom-build-event-warning.md)                        | Behavioral change   | Preview 1          |
-| [MSBuild custom culture resource handling](sdk/10.0/msbuild-custom-culture.md)                                       | Behavioral change   | Preview 1          |
-| [NU1510 is raised for direct references pruned by NuGet](sdk/10.0/nu1510-pruned-references.md)                       | Source incompatible | Preview 1          |
+| Title                                                                                                                        | Type of change                        | Introduced version |
+|------------------------------------------------------------------------------------------------------------------------------|---------------------------------------|--------------------|
+| [.NET CLI `--interactive` defaults to `true` in user scenarios](sdk/10.0/dotnet-cli-interactive.md)                          | Behavioral change                     | Preview 3          |
+| [Default workload configuration from 'loose manifests' to 'workload sets' mode](sdk/10.0/default-workload-config.md)         | Behavioral change                     | Preview 2          |
+| [`dotnet restore` audits transitive packages](sdk/10.0/nugetaudit-transitive-packages.md)                                    | Behavioral change                     | Preview 3          |
+| [MSBUILDCUSTOMBUILDEVENTWARNING escape hatch removed](sdk/10.0/custom-build-event-warning.md)                                | Behavioral change                     | Preview 1          |
+| [MSBuild custom culture resource handling](sdk/10.0/msbuild-custom-culture.md)                                               | Behavioral change                     | Preview 1          |
+| [NU1510 is raised for direct references pruned by NuGet](sdk/10.0/nu1510-pruned-references.md)                               | Source incompatible                   | Preview 1          |
+| [HTTP warnings promoted to errors in `dotnet package list` and `dotnet package search`](sdk/10.0/http-warnings-to-errors.md) | Behavioral/source incompatible change | Preview 4          |
 
 ## Windows Forms
 

@@ -0,0 +1,52 @@
+---
+title: "Breaking change - HTTP warnings promoted to errors in dotnet package list and dotnet package search"
+description: "Learn about the breaking change in .NET 10 Preview 4 where HTTP warnings are promoted to errors in dotnet package operations."
+ms.date: 5/9/2025
+ai-usage: ai-assisted
+ms.custom: https://github.com/dotnet/docs/issues/45985
+---
+
+# HTTP warnings promoted to errors in `dotnet package list` and `dotnet package search`
+
+Starting in .NET 10 Preview 4, HTTP warnings generated by `dotnet package list`, `dotnet package search`, and related APIs are now treated as errors by default.
+
+## Version introduced
+
+.NET 10 Preview 4
+
+## Previous behavior
+
+Previously, when using HTTP sources, the tools displayed a warning, such as:
+
+```output
+You are running the 'list package' operation with an 'HTTP' source, 'http://api.source/index.json'. Non-HTTPS access will be removed in a future version. Consider migrating to an 'HTTPS' source.
+```
+
+The operation continued without interruption.
+
+## New behavior
+
+The tools now treat HTTP sources as errors by default. To allow HTTP sources, explicitly set `allowInsecureConnections="true"` in *nuget.config*.
+
+## Type of breaking change
+
+This is a [behavioral change](../../categories.md#behavioral-change).
+
+## Reason for change
+
+This change improves security by blocking insecure HTTP sources by default. It aligns with secure-by-default practices to protect users from potential vulnerabilities.
+
+## Recommended action
+
+Migrate to HTTPS sources to avoid the error. To continue using HTTP sources, update your *nuget.config* file to include the following setting:
+
+```xml
+<add key="allowInsecureConnections" value="true" />
+```
+
+## Affected APIs
+
+- `dotnet package list`
+- `dotnet package search`
+- `NuGet.Protocol.Core.Types.PackageUpdateResource.PushAsync`
+- `NuGet.Protocol.Core.Types.PackageUpdateResource.Delete`
@@ -60,6 +60,8 @@ items:
                 href: sdk/10.0/msbuild-custom-culture.md
               - name: NU1510 is raised for direct references pruned by NuGet
                 href: sdk/10.0/nu1510-pruned-references.md
+              - name: HTTP warnings promoted to errors in 'dotnet package list' and 'dotnet package search'
+                href: sdk/10.0/http-warnings-to-errors.md
           - name: Windows Forms
             items:
               - name: API obsoletions
@@ -1944,6 +1946,8 @@ items:
                 href: sdk/10.0/msbuild-custom-culture.md
               - name: NU1510 is raised for direct references pruned by NuGet
                 href: sdk/10.0/nu1510-pruned-references.md
+              - name: HTTP warnings promoted to errors in dotnet package list and dotnet package search
+                href: sdk/10.0/http-warnings-to-errors.md
           - name: .NET 9
             items:
               - name: "`dotnet sln add` doesn't allow invalid file names"