• 10.0.0 - 10.0.24
    541 201 9965 Email Website
  • Contents

    Home > Release Notes > Telerik Patch

    Telerik Patch

    Telerik recently announced a vulnerability in their controls, which AspDotNetStorefront uses for the WYSIWYG editor on several pages in the admin console. Store admins are strongly recommended to download and install the patch available at https://license.aspdotnetstorefront.com for versions PRIOR to 10.0.5


    NOTE: These instructions assume you are a subscriber to our Gold YRB benefits program. If you do not see the patch in your license portal 'Software Updates' tab (versions 9.5.1 - 10.0.4), then please check your eligibility with our ASPDNSF Help Desk . If you have onboarded to our preFIX model, then you don’t need to take any action – your store is always-up-to-date.

    Installing the Telerik Patch

    Uncustomized Sites (if you're unsure if the files below have been modified, contact your developer or whoever does the technical work on your site)


    1. Backup your site files. Please contact your site host if necessary.
    2. Download the patch through your AspDotNetStorefront License Portal 'Software Updates' tab ( Telerik Patch ).
    3. Execute the installation file locally by double-clicking the downloaded .exe file and run through the prompts, selecting an empty folder location on your computer.
    4. Copy these files from the extracted files on your computer to your site, overwriting the existing files.
      • Web/App_Themes/Admin_Default/StyleSheet.css
      • Web/bin/ASPDNSFApplication.dll
      • Web/bin/Telerik.Web.UI.dll
    5. Use the directions here to generate 3 separate keys, which should go in these lines:

      <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="YOUR-FIRST-KEY-UNIQUE-TO-YOUR-APP" />
      <add key="Telerik.Upload.ConfigurationHashKey" value="YOUR-SECOND-KEY-UNIQUE-TO-YOUR-APP" />
      <add key="Telerik.Web.UI.DialogParametersEncryptionKey" value="YOUR-THIRD-KEY-UNIQUE-TO-YOUR-APP" />
    6. Edit the AppSettings.config file in the root of your site, adding the 3 lines you created above plus this line:

      <add key="Telerik.AsyncUpload.TemporaryFolder" value="~/images" />

      When done, your file should look something like this:

      **Note that your values will be different than the ones shown above, and that the order of the keys doesn't matter.

    7. That's it! Your site will restart and the patch will be in place.


    Customized Sites (this should only be done by a knowledgeable developer):


    1. Follow the 'Uncustomized Sites' directions above, but also copy the new DLLs into the AssemblyReferences folder wherever you maintain the site's source code. This will ensure that the updated, patched version of the DLLs are pulled in when the site is rebuilt in the future.



    Print This Article
    Email This Article
    Previous Article
    Next Article