Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

About

News Press Releases News Coverage Press KitCareersContact DNN

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Upgrading DNN P...Upgrading DNN P...Apply Dnn_SecurityHotFix20171_01.00.01 for different version of TelerikApply Dnn_SecurityHotFix20171_01.00.01 for different version of Telerik
Previous
 
Next
New Post
7/20/2017 8:18 AM
 
Tadas Norbutas


Joined: 1/20/2009
Posts: 19

Hello DotNetNukers,

As we are all aware there is a security breach related to telerik dll's. There is a post about it and there is a fix available to be downloaded to patch it.

All works perfect if you use default dnn telerik version. In my case we have full telerik license and we use later versions of telerik dll's together with our DNN installations. I can see that patch uses version 2013.2.717.40. Our installations use version 2014.3.1024.40

For this reason patch fails to install. 

Is there anything that could be done so I could install patch and still have my version 2014.3.1024.40 of telerik that I use?

How can I patch this when I use later version full telerik dll's?

I can see our old friend Mitchel Sellers has a post about this and is mentioning that he was doing something extra in this case

Any ideas guidance would be much appreciated

Thanks
Tadas
 
New Post
7/20/2017 11:26 AM
 
Tadas Norbutas


Joined: 1/20/2009
Posts: 19
Or let me ask otherwise.

If I have dnn 9.1.1 installed and telerik dlls replaced by their full version of 2014.3.1024.40 is my website safe?
I can see security analyzer fails on telerik check but according to the source code what it does is it only checks the version of telerik dll and it passes if version is Telerik 2013.2.717.40
 
New Post
7/22/2017 2:58 PM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
if you are using a Telerik Library fixed by the vendor, you should be safe.
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
7/27/2017 11:00 AM
 
Tadas Norbutas


Joined: 1/20/2009
Posts: 19

Hello Sebastian,

So it seems that if you use telerik dlls full version then there is no need to install the dnn fix.

You just have to be sure that your telerik dlls  version is not older than 2012.3.1205 and ensure that there is a setting in web.config "Telerik.AsyncUpload.ConfigurationEncryptionKey" set.

To read more about it is here

Thank you Sebastian for leading me to the right direction

Tadas
 
New Post
7/27/2017 3:10 PM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
Tadas,
You are welcome and thank you for sharing your findings.
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Upgrading DNN P...Upgrading DNN P...Apply Dnn_SecurityHotFix20171_01.00.01 for different version of TelerikApply Dnn_SecurityHotFix20171_01.00.01 for different version of Telerik


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out