10.0.x
541 201 9965 Email Website
Contents
:
Search:

Home > Release Notes > Telerik Patch

Telerik Patch

Telerik recently announced a vulnerability in their controls, which AspDotNetStorefront uses for the WYSIWYG editor on several pages in the admin console. Store admins are strongly recommended to download and install the patch available at https://license.aspdotnetstorefront.com

 

NOTE: These instructions assume you are a subscriber to our Gold YRB benefits program. If you do not see the patch in your license portal 'Software Updates' tab (versions 9.5.1 - 10.0.4), then please check your eligibility with our ASPDNSF Help Desk . If you have onboarded to our preFIX model, then you don’t need to take any action – your store is always-up-to-date.

Installing the Telerik Patch

Uncustomized Sites (if you're unsure if the files below have been modified, contact your developer or whoever does the technical work on your site)

 

  1. Backup your site files. Please contact your site host if necessary.
  2. Download the patch through your AspDotNetStorefront License Portal 'Software Updates' tab ( Telerik Patch ).
  3. Execute the installation file locally by double-clicking the downloaded .exe file and run through the prompts, selecting an empty folder location on your computer.
  4. Copy these files from the extracted files on your computer to your site, overwriting the existing files.
    • Web/App_Themes/Admin_Default/StyleSheet.css
    • Web/bin/ASPDNSFApplication.dll
    • Web/bin/Telerik.Web.UI.dll
  5. Use the directions here to generate 3 separate keys, which should go in these lines:

    <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="YOUR-FIRST-KEY-UNIQUE-TO-YOUR-APP" />
    <add key="Telerik.Upload.ConfigurationHashKey" value="YOUR-SECOND-KEY-UNIQUE-TO-YOUR-APP" />
    <add key="Telerik.Web.UI.DialogParametersEncryptionKey" value="YOUR-THIRD-KEY-UNIQUE-TO-YOUR-APP" />
  6. Edit the AppSettings.config file in the root of your site, adding the 3 lines you created above plus this line:

    <add key="Telerik.AsyncUpload.TemporaryFolder" value="~/images" />

    When done, your file should look something like this:

    **Note that your values will be different than the ones shown above, and that the order of the keys doesn't matter.

  7. That's it! Your site will restart and the patch will be in place.

 

Customized Sites (this should only be done by a knowledgeable developer):

 

  1. Follow the 'Uncustomized Sites' directions above, but also copy the new DLLs into the AssemblyReferences folder wherever you maintain the site's source code. This will ensure that the updated, patched version of the DLLs are pulled in when the site is rebuilt in the future.

 

 



Actions
Print This Article
Bookmark
Email This Article
Previous Article
Next Article

Was this page helpful?YesNo