
DotNetNuke 5.4.3 Released

I am pleased to announce the release of DotNetNuke 5.4.3. This month’s maintenance release focused on resolving major issues with page management and with the Telerik HTML Editor Provider. The page management fixes should resolve all major outstanding issues in this area. The HTML Editor Provider fixes addressed some of the larger issues with the provider, although we recognize there are still several fixes and enhancements that remain for this particular item, which we hope to address in the upcoming 5.5 release.

The 5.4.3 release also includes a number of security fixes. As always, our community continues to work with the security team to identify potential security issues and to help test the subsequent security fixes. As an Open Source project, the DotNetNuke platform and the community benefit tremendously from this collaborative relationship, which allows us to discover security issues in a timely manner and quickly work to resolve them.

Finally, I want to thank those community members who provided bug fixes for this month’s release. Their efforts help to create a better product for all of us. Below are the highlights from this month’s release. As usual, you can see a full list of changes in the changelog.

Major Highlights

  • Fixed issue where page level and TabPath were not properly updated for descendants.
  • Implemented LinkClick functionality in Telerik editor.
  • Fixed issue with displaying a module on all pages.
  • Fixed issue with page management not working correctly.
  • Fixed issue where messaging was using incorrect logic to notify users.
  • Fixed issue with PurgeExpiredItems when the portal's home folder may not have been mapped correctly.
  • Fixed issue when hitting Enter while in the Tag edit text box.
  • Fixed issue where bulk updates did not properly repair existing modules.
  • Fixed a bunch of minor HTML formatting issues.
  • Fixed issue with sending Event Viewer exception messages when using Secure SMTP.
  • Fixed issue with module caching being ignored for non-browser user agents.
  • Improved performance by only loading HTML Module menu when user is allowed to see it.
  • Fixed issue where the DNNCountryEditControl does not return a value in the PropertyEditor
  • Fixed issue with using external URL Rewriters causing error in initWidgets.js
  • Fixed the issue with the ToolsFile property of the Telerik Editor to set the appropriate property on the underlying RadEditor.
  • Protection was added to ensure that a hacker who had a valid login to a site could not use viewstate details to perform a cross-site request forgery to public functions.
  • Altered the log file extension so that the files' existence or contents cannot be useful to potential hackers.
  • An additional filter was added to the existing core blacklist filter to catch an invalid tag that could lead to a cross-site scripting issue.
  • At present, profile properties automatically strip dangerous XSS characters from data. In addition, they support regular expressions to allow sites to configure the allowable characters. We've added an additional HTML encoding to ensure dangerous HTML cannot be passed.
  • Due to a logical error in the profile property provider, it's possible for member-only profile properties to be displayed to non-members. Code was added to protect against misconfiguration revealing sensitive data.
  • Added additional encoding to sitelog to follow security best practices.
  • Improved security by HTML Encoding taxonomy tags.

Security Fixes

    • Logfiles contents after exception may lead to information leakage (Bulletin 37)
    • Cross-site request forgery possible against other users of a site (Bulletin 38)
    • Update inputfilter for invalid tag that could allow XSS attack (Bulletin 39)
    • Mail function can result in unauthorized email access (Bulletin 40)
    • Fix issue where member only profile properties could be exposed publicly under certain conditions (Bulletin 41)
    • Profile properties not htmlencoding data (Bulletin 42)

Updated Modules/Providers

The following modules and providers have been updated in the 5.4.3 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

  • none

Providers

  • none
