DotNetNuke Tips & Tricks

Thursday, January 20, 2011 by Cuong Dang

DotNetNuke 5.6.1 Released with Two Critical Security Fixes

Yesterday DotNetNuke released version 5.6.1 to the public; it contains two major security fixes. Cathal Connolly, a member of the DotNetNuke Security Core Team, published the latest security bulletin today on dotnetnuke.com to explain the details.

The two critical security fixes are ‘edit level users have admin rights to module’ and ‘unauthenticated user can install/uninstall modules’. If your website isn’t currently on DotNetNuke 5 or above, you don’t have to worry about upgrading. For sites that are currently on 5.x, we strongly encourage you to upgrade to 5.6.1 to prevent further security vulnerabilities.

In addition to the two critical fixes above, five other low-severity security issues have been addressed in this latest version, as follows:

  • Failure to filter viewstate exception details can lead to a reflective XSS issue
  • Remove OS identification code
  • Add additional checks to core input filter
  • Change localized text to stop user enumeration
  • Ensure that profile properties are correctly filtered

If you have any questions, please feel free to let us know. In the meantime, you can read more of the details in Cathal’s post here.
