Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Upgrading DNN P...Upgrading DNN P...Critical Update!?Critical Update!?
Previous
 
Next
New Post
8/14/2014 2:28 PM
 
Tom


Joined: 9/23/2011
Posts: 458

Hi, I'm running 7.1.2 on live government website, and just noticed when logged in as host, that I have a red "Critical Update" link on the toolbar.

I wasn't planning (or have time for) an upgrade at this time. Is this really critical? Will it cause problems if I wait to upgrade? Please advise me.

Thanks

Tom
 
New Post
8/15/2014 6:06 AM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
Tom,
AFAIK there are no critical security issues, but for a number of reasons including Performance I'd suggest not waiting too long to upgrade your site.
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
8/15/2014 11:13 AM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
yes, there is a critical update for the automated spam registrations. Strictly speaking that falls into the "moderate" category based on our levels at http://www.dnnsoftware.com/platform/manage/security-center as it only affects sites with registration, and the attack is limited to created new users and does not cause other issues, however as it is a growing issue and for those it affects it can mean hundreds or even thousands of fake users (and impact performance), I choose to declare it as a critical issue, hence the warning. If you site does not use registration you can ignore the warning, but if you use public or verified registration I recommend upgrading. Note: Please read "2014-02 (Critical) improve captcha logic & mitigate against automated registration attacks" at http://www.dnnsoftware.com/platform/manage/security-center for full details - there were a number of captcha fixes, the key one of which was a fix to stop one captcha challenge being used for multiple registration (we also changed the colour range and distortion of the image, but that's a much less important fix)
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
8/15/2014 2:21 PM
 
Tom


Joined: 9/23/2011
Posts: 458
Thanks both of you for the information.
Cathal, we don't use public registration. We just register a small amount of admins to maintain their sites. As I've stated on other threads, I've been seeing regular failed illegitimate attempts to log in for the last several weeks, and am taking precautions (having users stregnthen/change their passwords, etc). Our server team is looking into IP range blocking through IIS7 as well.
I recall that DNN's Login IP Filter should work properly in 7.3.1 as you told me. When I get time I will upgrade (first on a test server...). But for now I don't have the time to do so.
It sounds like I'll be OK for now without upgrading (let me know if you think otherwise..)

Thanks again
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Upgrading DNN P...Upgrading DNN P...Critical Update!?Critical Update!?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out