Products

Solutions

Resources

Partners

Community

Blog

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeUsing DNN Platf...Using DNN Platf...Skins, Themes, ...Skins, Themes, ...DNNGo Themes no longer in DNN StoreDNNGo Themes no longer in DNN Store
Previous
 
Next
New Post
10/26/2017 2:49 PM
 
This was the first instance of DNN removing an active vendor from the store. Like I said before, this wasn't an easy decision. This wasn't just about fixing the security issues. DNNGo did fix their numerous security issues. However, in our audit of their code we found several other severe issues that put us in a very tough spot. The public exploits that occurred because of these vulnerabilities affect the entire ecosystem. When we see severe code quality issues and coding practices that shouldn't be in a distributed module, we have to do what we feel is in the best interest of the entire community.

I agree that DNNGo has done some great work their themes. I'll see what we can do to get their themes back on the Store. We will have to do another review of their modules before we could put those back on the Store.

-Will

Will Morgenweck
VP, Product Management
DotNetNuke Corp.
 
New Post
10/26/2017 3:55 PM
 
Thank you for enlightening us a bit on this Will. I would love to understand more about these "other severe issues". We have many client sites built using DNNGo themes, or some variation thereof, and we are concerned about any vulnerabilities that could still exist post-fixes-being-applied. Is there a way for you to share these (publicly or privately)? I am surprised to hear there may be "public exploits that occurred because of these vulnerabilities".

Furthermore, I would highly suggest that if DNN Corp is going to start playing a role to monitor and act on "severe code quality issues and coding practices", then clear guidelines need to be published as to what the standard is.

Thanks!


nvisionative, Inc.
Corporate Website  |  Facebook Page  |  Twitter Page
 
New Post
10/26/2017 7:52 PM
 
David Poindexter wrote:
Thank you for enlightening us a bit on this Will. I would love to understand more about these "other severe issues". We have many client sites built using DNNGo themes, or some variation thereof, and we are concerned about any vulnerabilities that could still exist post-fixes-being-applied. Is there a way for you to share these (publicly or privately)? I am surprised to hear there may be "public exploits that occurred because of these vulnerabilities".

Furthermore, I would highly suggest that if DNN Corp is going to start playing a role to monitor and act on "severe code quality issues and coding practices", then clear guidelines need to be published as to what the standard is.

Thanks!

+1 and well said! :)


Will Strohl

Upendo Ventures Upendo Ventures
DNN experts since 2003
Official provider of the Hotcakes Commerce Cloud and SLA support
 
New Post
10/26/2017 8:12 PM
 
David Poindexter wrote:
Thank you for enlightening us a bit on this Will. I would love to understand more about these "other severe issues". We have many client sites built using DNNGo themes, or some variation thereof, and we are concerned about any vulnerabilities that could still exist post-fixes-being-applied. Is there a way for you to share these (publicly or privately)? I am surprised to hear there may be "public exploits that occurred because of these vulnerabilities".
All issues that were being actively exploited AND the additional issues that we found were all properly patched when the notices were sent.  We didn't send those notices until we confirmed all known issues were addressed and the new versions were available on the DNNGo website.
Furthermore, I would highly suggest that if DNN Corp is going to start playing a role to monitor and act on "severe code quality issues and coding practices", then clear guidelines need to be published as to what the standard is.
Let me be clear. We aren't in a position yet to monitor the code quality of everything on the Store, but we want to get there. Obviously, before we start doing anything like that we would have clear guidelines available. The DNNGo situation wasn't about us randomly policing a vendor. A security issue was reported and we were asked to investigate. We had to take appropriate action based upon what we found.

As a side note, keep an eye out for a blog post from Clint Patterson.  He will be sharing ideas for how we would like to engage more with the community to help with matters such as this.

Thanks,

Will


Will Morgenweck
VP, Product Management
DotNetNuke Corp.
 
New Post
10/27/2017 4:36 AM
 
Yes, I was perplexed as well It would be beneficial to have a plausible reason as to why they are no loner available

http://fmichaelfurbert.com/video-marketing-software
 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Skins, Themes, ...Skins, Themes, ...DNNGo Themes no longer in DNN StoreDNNGo Themes no longer in DNN Store


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out