Telerik recently announced a vulnerability in their controls, which AspDotNetStorefront uses for the WYSIWYG editor on several pages in the admin console. Store admins are strongly recommended to download and install the patch available at https://license.aspdotnetstorefront.com for versions PRIOR to 10.0.5
NOTE: These instructions assume you are a subscriber to our Gold YRB benefits program. If you do not see the patch in your license portal 'Software Updates' tab (versions 9.5.1 - 10.0.4), then please check your eligibility with our ASPDNSF Help Desk . If you have onboarded to our preFIX model, then you don’t need to take any action – your store is always-up-to-date.
Installing the Telerik Patch
Uncustomized Sites (if you're unsure if the files below have been modified, contact your developer or whoever does the technical work on your site)
Backup your site files. Please contact your site host if necessary.
When done, your file should look something like this:
**Note that your values will be different than the ones shown above, and that the order of the keys doesn't matter.
That's it! Your site will restart and the patch will be in place.
Customized Sites (this should only be done by a knowledgeable developer):
Follow the 'Uncustomized Sites' directions above, but also copy the new DLLs into the AssemblyReferences folder wherever you maintain the site's source code. This will ensure that the updated, patched version of the DLLs are pulled in when the site is rebuilt in the future.