Sitecore NuGet Packages — What Does “Quarantined” Mean?
If you’ve recently browsed the Sitecore public NuGet feed, you might have come across a curious message: “Package is quarantined” — specifically on packages like:
- sitecore.layoutservice.10.1.0.nupkg
- sitecore.layoutservice.10.0.0.nupkg
This can lead to some confusion if you’re working on a solution targeting Sitecore 10.0 or 10.1 and expecting those versions to be freely available.
What Does “Quarantined” Mean?
In Sitecore’s artifact repository, a “quarantined” status typically means the package has been pulled from public access due to a potential issue — often related to:
- Security vulnerabilities (e.g., a CVE or unpatched exploit)
- Critical bugs that break functionality
- Versioning conflicts with dependencies like Sitecore.Mvc
So if you’re wondering whether you should wait, the short answer is: yes, if you can afford to. In the meantime, there are a few options you can consider.
What You Can Do
- Upgrade to 10.0.6+ — this version is stable and publicly available, but be aware that some newer packages may require Sitecore.Mvc >= 10.4.
- Fallback to 8.1.0 — not ideal, as it may not support the features you need.
- Reference the DLL directly — this works in a pinch but isn’t ideal for long-term maintainability.
If this is a critical dependency and no public patch has been announced, it’s worth raising a ticket through Sitecore support or checking community channels (Slack, Stack Exchange, or MVP circles) to confirm if a CVE or patch release is expected.
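Before picking one of the options above, it helps to know which projects still reference the quarantined versions. The following is an added example, not code from the original post or from Sitecore: it scans the XML of a .csproj or packages.config for the two versions named on this page. The package id casing `Sitecore.LayoutService`, the function name and the sample project files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Versions this page reports as quarantined on the Sitecore feed.
# Keys are lowercased because NuGet package ids are case-insensitive.
QUARANTINED = {"sitecore.layoutservice": {"10.0.0", "10.1.0"}}

# Constructed sample inputs (not taken from a real solution).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Sitecore.LayoutService" Version="10.1.0" />
    <PackageReference Include="Sitecore.Mvc">
      <Version>10.0.0</Version>
    </PackageReference>
  </ItemGroup>
</Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Sitecore.LayoutService" version="10.0.0" targetFramework="net48" />
</packages>"""

def find_quarantined(xml_text, quarantined=QUARANTINED):
    """Return sorted (package_id, version) pairs that match the quarantine list.

    Handles SDK-style <PackageReference> (Version as attribute or child
    element) and legacy packages.config <package id= version=> entries.
    """
    hits = set()
    root = ET.fromstring(xml_text)
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any MSBuild XML namespace
        if tag == "PackageReference":
            pkg = el.get("Include") or el.get("Update")
            ver = el.get("Version")
            if ver is None:  # Version given as a child element instead
                for child in el:
                    if child.tag.rsplit("}", 1)[-1] == "Version":
                        ver = (child.text or "").strip()
        elif tag == "package":
            pkg, ver = el.get("id"), el.get("version")
        else:
            continue
        # strip("[]") also catches exact pins written as [10.1.0]
        if pkg and ver and ver.strip("[]") in quarantined.get(pkg.lower(), ()):
            hits.add((pkg, ver))
    return sorted(hits)

if __name__ == "__main__":
    for name, text in (("csproj", SAMPLE_CSPROJ), ("packages.config", SAMPLE_PACKAGES_CONFIG)):
        print(name, find_quarantined(text))
```

Matching is on package id and version together, so the constructed Sitecore.Mvc 10.0.0 reference in the sample is not flagged.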
Stay Informed
Want to avoid surprises? You can keep an eye on:
And if you ever stumble upon something like this again — don’t hesitate to ask around.