First time here? You may want to check out the blog archive, subscribe to the RSS feed, sign up for free email updates, or follow me on Twitter. Thanks for visiting!

Security Scare Prompts Release of DNN 4.8.3 

Posted on Sun May 25, 2008 by Tom Kraak
In: DotNetNuke, DNN Friday | 11 Comments

It’s been an interesting week to say the least. A week in which “always glad to help” took on a whole new meaning. I deliberately won’t go into further details about the security scare that rocked the DNN community in the last few days as you’ve probably wasted too much time and popcorn on it already. The bottom line is that there is no need to lose sleep over the issue from now until DNN 4.8.3 is scheduled to be released early next week. Let’s see if we actually got some work done besides dealing with greed and deceit:

As with any software product, this wasn’t DNN’s first security vulnerability and it won’t be its last. However, the DotNetNuke Security Task Force years ago outlined policies and guidelines that clearly address how to deal with security related bugs. Let’s stick to them!




Comments

Chris Hammond Sunday, May 25, 2008 at 8:34 PM Chris Hammond says:

I don't know if I would call it a scare, or a very bad attempt to increase business for one particular company. Talk about getting a bad name in the community!

Tom Kraak Sunday, May 25, 2008 at 10:12 PM Tom Kraak says:

What in heaven's name made them think they would ever get away with this?

Bruce Chapman Monday, May 26, 2008 at 4:06 AM Bruce Chapman says:

Good advice for those who have got themselves into a DNN forums bun-fight:
"When one finds oneself in a hole, it is wise to put down the shovel and stop digging."

On the MVC stuff - it's going to be difficult to integrate this into the webforms-centric DNN model. I wonder if the core team are going to take a stand and say 'no mvc', or are going to see if there are any benefits to incorporating into the core. I'll be looking to see if there is benefit/possibilities of incorporating it into third party modules.

Thanks for linking my blog post, hopefully it will illuminate a few light bulbs for developers.

Peter Schotman Monday, May 26, 2008 at 7:06 AM Peter Schotman says:

Thanks for the links Tom!

Yes, the sucurity soap did cost me a least half a day, and some uncertainty about how to protect my clients. It is disturbing to see how one party can bring the whole community in turmoil. What is even more troubling, is that they don't seem to care that much.

WRT to multi lingual websites, Erik (van Ballegoij) has an alternative way to translate pagenames and titles: http://www.apollo-software.nl/Default.aspx?tabid=169&EntryID=6

Tom Kraak Monday, May 26, 2008 at 9:28 AM Tom Kraak says:

Thanks for chiming in guys and pointing to other valuable resources.

Yehuda Tiram Monday, May 26, 2008 at 11:01 AM Yehuda Tiram says:

I agree with Peter. When you have clients that count on you (and they are not part of DNN active community) it is very disturbing to realize that after all we may walk on a swampy dune. Especially when some are really indifferent to the outcome of their actions as far as they don't directly affect their backyard. (which of course is far from reality, making a hole in the boat will drown everyone in it(
As for the support for multi-language websites issue I do not agree that it is minimal. I build almost only Hebrew sites (which are also RTL as an extra challenge) and I find very few issues with it. Most of the ML issues are with 3rd party modules that simply do not really care about it. (and some of them are prominent ones).
In my home made modules I completely take care of it with the regular DNN/ .NET developing tools.
Yehuda

Tom Kraak Monday, May 26, 2008 at 11:07 PM Tom Kraak says:

Yehuda - I was referring to the lack of "build in" content localization. How have you dealt with that?

Néstor Sánchez Tuesday, May 27, 2008 at 12:45 AM Néstor Sánchez says:

Would you care to explain how exactly Haack slipped into a DNN Friday? May be this post "haacked" its way into your blog? :)

Mitchel Sellers Tuesday, May 27, 2008 at 1:22 AM Mitchel Sellers says:

Yes, the whole security scare item was horrible, but now we all just have to upgrade and it will be behind us..

Tom Kraak Tuesday, May 27, 2008 at 11:54 PM Tom Kraak says:

Phil Haack may not be directly related to DNN, but his current work at MS will certainly find it's way into the framework sooner or later.

I also had a quick chat with him at last year's OpenForce and he's just a nice, down-to-earth kind of guy with a passion for Open Source.

On a different note, DNN 4.8.3 is officially out now.

Rodney Joyce Monday, June 02, 2008 at 8:18 PM Rodney Joyce says:

Hi Tom,

Useful roundup as always - out of interest, I was considering making PokerDIY.com multi-lingual but after looking into it more I aborted due to time/cost. I did a little post on free and nasty localization using Google Translate. You can read it here:
http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/77/threadid/232385/scope/posts/Default.aspx

Name (required)

Email (will not be published) (required)

Website

Enter the code shown above in the box below

Subscribe to our Feeds Follow on Twitter