Archive
Monthly
Go
|
|
DNN Blog
Jun
11
Posted by:
cathal connolly
6/11/2008 10:09 PM
The 4.8.4 version of DotNetNuke has been released.
This release fixes 3 "low" security issues, all of them cross-site scripting attacks. The details can be read here , here and here.
If you're new to upgrading I recommend you read the "detailed installation guide" found here , and the excellent set of blog entries from Erik here and here. For users who are running 4.6.2 or above, I recommend you read this blog entry which details how to use the upgrade package to easily merge any web.config changes.
You can read more details about these issues and our security policy here
3 comment(s) so far...
Re: Security bulletins released
Hi,
I would like to ask what is going on for many recent DNN solutions since 4.6.2 until this last 4.8.4 ?
None of them seems to complete at all the installation wizard, because when we click on GOTO YOUR SITE link it continues to blink and nothing opens. Even if you open a new IE browser windows and call it by http://localhost/.
I have been using DNN since version 3.0.13 and I really would like to know why so many people are getting this strange situation.
The best regards,
Renato
By zimerfeld on
6/13/2008 9:46 PM
|
Re: Security bulletins released
@Renato, i haven't heard about many people having issues upgrading, I know people who've succesfully updated dozens of sites without issue. Please check that you have the necessary permissions on your web.config, as since 4.6.2 the upgrade package merges changes automatically.
By cathal on
6/13/2008 9:47 PM
|
Re: Security bulletins released
I appreciate the proactive attitude to security...it's one of the things that continues to convince me that DNN is the best platform, bar none.
One sidenote: is it just me, or is there a certain irony that a security issue that can be encountered during installation...is fixed by running an installation? Again, I understand the reasons behind this, I just thought it was funny.
- Erik
By EJSawyer on
6/17/2008 4:50 PM
|
|