What are the Critical Security Patches for DNN Evoq 9.1.1 to 9.2.1?

Overview

The fixes listed below are critical security issues to be fixed and patches for them have been created based on the 9.2.2 release:

  • 2018-13  Possible Leaked Cryptographic Information (Critical)
  • 2018-14  Possible Cross-Site Scripting (XSS) Vulnerability (Low) 

Information

It is always recommended for customers to upgrade to the latest version of Evoq. However, when they are unable to do so, the below patches should be applied, depending on the version they have installed in their environments. 

Patches

Version
File
9.2.1

SecurityPatches-9.2.1.zip attached.

9.2.0 SecurityPatches-9.2.0.zip attached.
9.1.1 SecurityPatches-9.1.1.zip attached.
Older Versions No specific patches are provided for these issues, as there are other critical security fixes that cannot be overwritten. A full list is available in the Security Center.

Instructions

Select the appropriate patch from the list that is applicable to the customer's version and then provide the instructions below:

  1. Download and unzip the appropriate file, depending on the Evoq version.
    • The patch consists of one file only: DotnetNuke.dll.
  2. Rename existing version of the DotNetNuke.dll file in the Website\Bin folder to, e.g. DotNetNuke.dll.bak.
  3. Copy the new file DotNetNuke.dll into the Website\Bin folder.
    • Important: This will overwrite any previous patches that might have been applied based on the DotNetNuke.dll file. 
  4. Restart the DNN site.

Note: In case of any undesired side effects noticed, the rollback process is to revert the steps given in the instructions above, by:

  1. Restoring the original file to the Website\Bin folder.
  2. Restarting the DNN site.

Attachments

Comments

0 comments

Please sign in to leave a comment.