DNN Blog

Jun 17

Posted by: Joe Brinkman
6/17/2010 10:37 AM

I am pleased to announce the release of DotNetNuke 5.4.3. This month's maintenance release focused on resolving major issues with page management and with the Telerik HTML Editor Provider. The page management fixes should resolve all major outstanding issues in this area. The HTML Editor Provider fixes addressed some of the larger issues with the provider, although we recognize there are still several fixes and enhancements that remain for this particular item which we hope to address in the upcoming 5.5 release. The 5.4.3 release also includes a number of security fixes. As always, our community continues to work with the security team to identify potential security issues and to help test the subsequent security fixes. As an Open Source project, the DotNetNuke platform and the community benefit tremendously from this collaborative relationship that allows us to discover security issues in a timely manner and quickly work to resolve them. Finally, I want to thank those community members who provided bug fixes for this month's release. Their efforts help to create a better product for all of us. Below are the highlights from this month's release. As usual, you can see a full list of changes in the changelog.

Major Highlights

  • Fixed issue where page level and TabPath were not properly updated for descendants
  • Implemented LinkClick functionality in Telerik editor.
  • Fixed issue with displaying a module on all pages.
  • Fixed issue with page management not working correctly.
  • Fixed issue where messaging was using incorrect logic to notify users.
  • Fixed issue with PurgeExpiredItems when the portal's home folder may not have been mapped correctly.
  • Fixed issue when hitting Enter while in the Tag edit text box.
  • Fixed issue where bulk updates did not properly repair existing modules.
  • Fixed a bunch of minor HTML formatting issues.
  • Fixed issue with sending Event Viewer exception messages when using Secure SMTP.
  • Fixed issue with module caching being ignored for non-browser user agents.
  • Improved performance by only loading HTML Module menu when user is allowed to see it.
  • Fixed issue where the DNNCountryEditControl does not return a value in the PropertyEditor
  • Fixed issue with using external URL Rewriters causing error in initWidgets.js
  • Fixed the issue with the ToolsFile property of the Telerik Editor to set the appropriate property on the underlying RadEditor.
  • Protection was added to ensure that a hacker who had a valid login to a site could not use viewstate details to perform a cross-site request forgery to public functions.
  • Altered the log files' extension so that their existence or contents cannot be useful to potential hackers.
  • An additional filter was added to the existing core blacklist filter to catch an invalid tag that could lead to a cross-site scripting issue.
  • At present, profile properties automatically strip dangerous XSS characters from data. In addition, they support regular expressions to allow sites to configure the allowable characters. We've added an additional HTML encoding to ensure dangerous HTML cannot be passed.
  • Due to a logical error in the profile property provider, it's possible for member-only profile properties to be displayed to non-members. Code was added to protect against misconfiguration revealing sensitive data.
  • Added additional encoding to sitelog to follow security best practices.
  • Improved security by HTML Encoding taxonomy tags.

Security Fixes

    • Logfiles contents after exception may lead to information leakage (Bulletin 37)
    • Cross-site request forgery possible against other users of a site (Bulletin 38)
    • Update inputfilter for invalid tag that could allow XSS attack (Bulletin 39)
    • Mail function can result in unauthorized email access (Bulletin 40)
    • Fix issue where member-only profile properties could be exposed publicly under certain conditions (Bulletin 41)
    • Profile properties not htmlencoding data (Bulletin 42)

Updated Modules/Providers

The following modules and providers have been updated in the 5.4.3 packages. Please see the specific project pages for notes on what bugs or enhancements were corrected with each release.

Modules

  • none

Providers

  • none

8 comment(s) so far...



Re: DotNetNuke 5.4.3 Released

After upgrading to 5.4.3 I am STUCK in a Loop.
It upgrades from 5.4.2 to 5.4.3 Each time the site is accessed!
I have never seen this before

By Skip Floyd on   6/17/2010 3:46 PM

Re: DotNetNuke 5.4.3 Released

It looks as though the Version Table was not updated with the new version information,
so I added a record in the table and it seems to be working now.

By Skip Floyd on   6/17/2010 3:46 PM

Re: DotNetNuke 5.4.3 Released


Hi,
I've just installed DNN 5.4.3 and there's at least one bug left with the RadEditor provider. It seems to work perfectly, but I cannot edit resource files from Admin>Languages. When I open the resource files tree at \providers\HtmlEditorProviders\Telerik I cannot see the files.
Is anyone having this issue?

Regards,
Francisco

By Francisco Perez Andres on   6/21/2010 9:14 PM

Re: DotNetNuke 5.4.3 Released

On the download page it is still version 5.4.2

By Mudito de Vos on   6/21/2010 9:13 PM

Re: DotNetNuke 5.4.3 Released

5.4.3 appears to have been withdrawn from Codeplex without any other notice. I want to know what people who have upgraded to 5.4.3 should do. I can possibly revert back to my previous 4.9.5 within the next 24 hours if 5.4.3 is irreparably broken, but I'll stay on it if it will be a safe upgrade to the next version. Thanks for any advice.

By ROBAX on   6/21/2010 9:14 PM

Re: DotNetNuke 5.4.3 Released

5.4.3 was pulled as outlined in my recent blog post - www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2663/DotNetNuke-5-4-3-Has-Been-Pulled.aspx There will be an upgrade path from 5.4.3 to 5.4.4 so if you are already running 5.4.3 and can afford to wait a couple of days then you should probably stay on 5.4.3. If the bug in 5.4.3 directly impacts the modules you are using then roll-back to your prior version and we'll have a new release out later this week.

By Joe Brinkman on   6/21/2010 7:17 PM

Re: DotNetNuke 5.4.3 Released

Any idea when later this week, as it is now 7 days since your last comment, Joe, and still no release? Thanks

By Paul Manctech on   6/28/2010 4:52 AM

Re: DotNetNuke 5.4.3 Released

@Paul - I posted an update on the blog that I linked to above saying that the release was delayed until today in order to deal with some additional issues which were discovered during testing.

By Joe Brinkman on   6/28/2010 4:54 AM