Overview
The fixes listed below are critical security issues to be fixed and patches for them have been created based on the 9.2.2 release:
- 2018-13 Possible Leaked Cryptographic Information (Critical)
- 2018-14 Possible Cross-Site Scripting (XSS) Vulnerability (Low)
Information
It is always recommended for customers to upgrade to the latest version of Evoq. However, when they are unable to do so, the below patches should be applied, depending on the version they have installed in their environments.
Patches
Version
|
File
|
---|---|
9.2.1 |
SecurityPatches-9.2.1.zip attached. |
9.2.0 | SecurityPatches-9.2.0.zip attached. |
9.1.1 | SecurityPatches-9.1.1.zip attached. |
Older Versions | No specific patches are provided for these issues, as there are other critical security fixes that cannot be overwritten. A full list is available in the Security Center. |
Instructions
Select the appropriate patch from the list that is applicable to the customer's version and then provide the instructions below:
- Download and unzip the appropriate file, depending on the Evoq version.
- The patch consists of one file only:
DotnetNuke.dll
.
- The patch consists of one file only:
- Rename existing version of the
DotNetNuke.dll
file in theWebsite\Bin
folder to, e.g.DotNetNuke.dll.bak
. - Copy the new file
DotNetNuke.dll
into theWebsite\Bin
folder.
- Important: This will overwrite any previous patches that might have been applied based on the DotNetNuke.dll file.
- Restart the DNN site.
Note: In case of any undesired side effects noticed, the rollback process is to revert the steps given in the instructions above, by:
- Restoring the original file to the
Website\Bin
folder. - Restarting the DNN site.
Comments
0 comments
Please sign in to leave a comment.