Products

Solutions

Resources

Partners

Community

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

The Community Blog is a personal opinion of community members and by no means the official standpoint of DNN Corp or DNN Platform. This is a place to express personal thoughts about DNNPlatform, the community and its ecosystem. Do you have useful information that you would like to share with the DNN Community in a featured article or blog? If so, please contact .

The use of the Community Blog is covered by our Community Blog Guidelines - please read before commenting or posting.


DotNetNuke 5.5.1 Released

products2I am happy to announce the release of DotNetNuke 5.5.1.  This release includes many bug fixes for the most critical issues identified in DotNetNuke 5.5.0 which we released last month.  As a result of the recent ASP.Net Padding Oracle Vulnerability, which was discussed by Shaun Walker and Cathal Connolly in their recent blogs, we have added additional checks and upgrade enhancements in this release to ensure that DotNetNuke sites running the latest version are using the recommended CustomErrors configuration.  

As we have noted in many of our recent releases, we continue to increase our Quality Assurance efforts with each release.  Given the critical nature of the ASP.Net vulnerability, we paid extra attention to more than 40 different upgrade scenarios to increase the stability and reliability of the upgrade process, and to ensure that once upgraded your site would be protected.  As always, even for those unfortunate few who have issues upgrading, the community stands ready to assist you with any problems you may encounter.  We highly recommend that everyone upgrade to the DotNetNuke 5.5.1 release as soon as possible.  For those who are unable to upgrade their sites we anticipate having a standalone module which we will make available later this week which provides the same benefits against the padding oracle vunlnerability as the core enhancements made in 5.5.1.

POETYou can find out more information about all of the issues fixed in this release on the changelog.

Major Highlights

  • Added feature to detect if a site is not running the suggested customErrors configuration to mitigate the ASP.Net Padding Oracle Vulnerability.
  • Updated the default web.config to use the recommended customerrors settings to mitigate the ASP.Net Padding Oracle Vulnerability.
  • Fixed Sitemap Provider so it only returns one page when multiple languages are enabled and Content Localization is not enabled.
  • Fixed Telerik File Manager to make files stored using database folders visible to the user.
  • Fixed issue where module developers using custom aspx pages that inherit from basepage and use codeblocks get an exception
  • Fixed issue where the locale was not properly reflecting the querystring and the users browser or portal settings.
  • Fixed issue where users were not granted proper permissions for the Templates folder on install.
  • Fixed issue where missing objectqualifier would cause upgrade script to fail.
  • Updated the url parser to take port 443 and ssl into consideration. its no longer necessary to turn off human friendly or use-port number in web.config
  • Fixed behavior of Language detection when Content Localization is not enabled.
  • Updated update tab logic to take host tabs into consideration.
  • Fixed install template to ensure content localization is defaulted to off for new installs
  • Updated the warnning dialog confirmation box to show the user name and the role that the user is being removed from.
  • Fixed issue where tab hierarchy was not displayed properly when the tab level was changed in the tab hierarchy.
  • Fixed issue where translators were not given the proper edit permissions when content localization was enabled.

Security Fixes

Updated Modules/Providers

The following modules and providers have been updated in the 5.5.1 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

  • Feedback Module 05.00.02

Providers

  • none

NOTE:  As with any release, we recommend you perform a complete file and database backup before performing any upgrade on a production website and that you first conduct a trial upgrade on a staging version of the site.  Following these guidelines will ensure that you are able to recover should any unforeseen problems arise during the upgrade process.

Comments

There are currently no comments, be the first to post one.

Comment Form

Only registered users may post comments.

NewsArchives


Aderson Oliveira (22)
Alec Whittington (11)
Alessandra Daniels (3)
Alex Shirley (10)
Andrew Hoefling (3)
Andrew Nurse (30)
Andy Tryba (1)
Anthony Glenwright (5)
Antonio Chagoury (28)
Ash Prasad (37)
Ben Schmidt (1)
Benjamin Hermann (25)
Benoit Sarton (9)
Beth Firebaugh (12)
Bill Walker (36)
Bob Kruger (5)
Bogdan Litescu (1)
Brian Dukes (2)
Brice Snow (1)
Bruce Chapman (20)
Bryan Andrews (1)
cathal connolly (55)
Charles Nurse (163)
Chris Hammond (213)
Chris Paterra (55)
Clint Patterson (108)
Cuong Dang (21)
Daniel Bartholomew (2)
Daniel Mettler (181)
Daniel Valadas (48)
Dave Buckner (2)
David Poindexter (12)
David Rodriguez (3)
Dennis Shiao (1)
Doug Howell (11)
Erik van Ballegoij (30)
Ernst Peter Tamminga (80)
Francisco Perez Andres (17)
Geoff Barlow (12)
George Alatrash (12)
Gifford Watkins (3)
Gilles Le Pigocher (3)
Ian Robinson (7)
Israel Martinez (17)
Jan Blomquist (2)
Jan Jonas (3)
Jaspreet Bhatia (1)
Jenni Merrifield (6)
Joe Brinkman (274)
John Mitchell (1)
Jon Henning (14)
Jonathan Sheely (4)
Jordan Coopersmith (1)
Joseph Craig (2)
Kan Ma (1)
Keivan Beigi (3)
Kelly Ford (4)
Ken Grierson (10)
Kevin Schreiner (6)
Leigh Pointer (31)
Lorraine Young (60)
Malik Khan (1)
Matt Rutledge (2)
Matthias Schlomann (16)
Mauricio Márquez (5)
Michael Doxsey (7)
Michael Tobisch (3)
Michael Washington (202)
Miguel Gatmaytan (3)
Mike Horton (19)
Mitchel Sellers (40)
Nathan Rover (3)
Navin V Nagiah (14)
Néstor Sánchez (31)
Nik Kalyani (14)
Oliver Hine (1)
Patricio F. Salinas (1)
Patrick Ryan (1)
Peter Donker (54)
Philip Beadle (135)
Philipp Becker (4)
Richard Dumas (22)
Robert J Collins (5)
Roger Selwyn (8)
Ruben Lopez (1)
Ryan Martinez (1)
Sacha Trauwaen (1)
Salar Golestanian (4)
Sanjay Mehrotra (9)
Scott McCulloch (1)
Scott Schlesier (11)
Scott Wilkinson (3)
Scott Willhite (97)
Sebastian Leupold (80)
Shaun Walker (237)
Shawn Mehaffie (17)
Stefan Cullmann (12)
Stefan Kamphuis (12)
Steve Fabian (31)
Steven Fisher (1)
Tony Henrich (3)
Torsten Weggen (3)
Tycho de Waard (4)
Vicenç Masanas (27)
Vincent Nguyen (3)
Vitaly Kozadayev (6)
Will Morgenweck (40)
Will Strohl (180)
William Severance (5)
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out