Posted by: Joe Brinkman
10/1/2009 7:05 PM 

After we released DotNetNuke 5.1.3 last night, a community member discovered a packaging error in the release.  Specifically the DotNetNuke WebControls 02.02.00 package was not properly integrated.  This package was added in 5.1.2 and included some additional defensive coding to help harden the DotNetNuke Web Controls against potential security issues.  The latest web controls package does not fix any specific security vulnerabilities, but rather improves the baseline security posture of the platform and makes it more difficult for a hacker to find and exploit vulnerabilities.  As a result of the mispackaging we felt it was prudent to release a new version to address this issue and ensure that the community and our Professional customers had a version which included these enhancements.

Upgrading to 5.1.4 is not necessary, but it is recommended.  The changes included in 5.1.4 help keep you safe from future attacks and as such is the recommended version for all of our users.  if you are running 5.1.2 or 5.1.3 you can gain these same benefits by downloading and installing the latest version of the DotNetNuke Webcontrols project (02.02.00) from CodePlex (http://dnnwebcontrols.codeplex.com/).

This incident highlights one of the great benefits of Open Source software in general, and the DotNetNuke community specifically.  Because the community has access to the product source code they are able to perform a more thorough review of each release. Many of our community members take pride in the fact that they have a direct hand in helping to improve DotNetNuke.  I want to personally thank Jan Olsmar for quickly identifying the problem and bringing it to our attention so that we could correct it in a timely manner.  None of the proprietary software companies I have worked in had access to such a passionate and knowledgeable community and as a result I don’t think those proprietary products were as good as they could have been.

This packaging issue also highlights another important topic – Quality.  Over the course of our history, DotNetNuke, like many Open Source products, has faced many challenges in ensuring the quality of our releases.  Overall, I think we have done a fairly good job, but I know we can do better.  We have had some releases, like 5.1.3 where our processes broke down and mistakes were made.  We are currently undergoing some changes to the DotNetNuke core team and the DotNetNuke Corporation team to help meet these challenges and further improve the quality of our releases.  I will be speaking more on this topic at DotNetNuke OpenForce Connections where we’ll be making some exciting new announcements in this regard.  Until then know that we are working hard to address our challenges and that we greatly appreciate the continued support and assistance of the entire DotNetNuke community in ensuring that we put out the best product possible.

Trackback Print

Tags:

Categories:

Location: Blogs Joe Brinkman