Today DNN Platform 9.0.1 has been released. This release resolves the following security issues:
· 2017-01 (Medium) Antiforgery checks on Web APIs can be ignored in certain situations
· 2017-02 (Low) Authorization can be bypassed for few Web APIs
· 2017-03 (Low) Socially engineered link can trick users into some unwanted actions
· 2017-04 (Low) Unauthorized file-copies can cause disk space issues
Full details of all the above issues can be read at https://www.dnnsoftware.com/platform/manage/security-center
As always we recommend you upgrade as soon as possible, particularly when the release contains any “critical” fix.
Also, we recommend users check the Security Analyzer page in the PersonaBar to help them audit their sites’ security settings.
Acknowledgements
We would like to thank the following for responsibly disclosing issues to our security team, and allowing us the time to resolve them:
· Saurabh B