Hi Guys,
When we discovered this vulnerability, it was found to be such a critical issue that we were compelled to secure our customers right away. Our first responsibility is always going to be to make sure that PowerDNN customers are running high performance, secure, DNN installations. Our customers have been overwhelmingly thankful for the hard work we've done to secure their sites. Our team is putting together an official report which we will release to the community, it is important that everyone is aware of the issue. We have been in contact with certain members of the core team as well as many of the top vendors in the community. In terms of the $20, we could take that away but then we wouldn't be able to patch non-PowerDNN customers in any way that would be financially feasible. If we got rid of the $20 charge, we could scan your site but not perform any fix. This issue effects so many sites that we want to protect community by releasing the information in a thoughtful way. We will get the information out via the normal DNN channels, but, we view this issue as being critical enough that waiting until the next release of DNN is not sufficient and we were compelled to take action immediately. I hope this clears some things up for some people, we take issues like this very seriously, because like most of you, we love DotNetNuke and it is our livelyhood.
John Grange