Products

Solutions

Resources

Partners

Community

Blog

About

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...4.8.3 update: what changed?4.8.3 update: what changed?
Previous
 
Next
New Post
5/31/2008 10:35 PM
 

The severity of the issue reported at Security Focus is low.

I am sure it is being validated and if necessary addressed by the security task force. As usual to find out more about our policy you may visit http://security.dotnetnuke.com.


Do you know the truth when you hear it?
Néstor Sánchez
The Dúnadan Raptor -->Follow Me on Twitter Now!
 
New Post
5/31/2008 10:47 PM
 

Those who manage their own web servers, should install the URLscan filter, it should be able to remove the malformed part of the URL.


Do you know the truth when you hear it?
Néstor Sánchez
The Dúnadan Raptor -->Follow Me on Twitter Now!
 
New Post
6/2/2008 3:29 PM
 

4.8.3 is breaking many of my sites.

Im assuming that status, error, etc messages are being placed  into the url by MANY custom modules..

"Redirect URI cannot contain newline characters."

 

 
New Post
6/2/2008 6:05 PM
 

Brian, thats very strange. There were only 4 changes for 4.8.3 and none involved changes to code that read paths or redirect (there were changes in install.aspx, installwizard.aspx, some filesystemutils stuff and code to delete certain files). Please check your database to see if any new characters have been injected, i know of some users who suffered sql injection attacks (http://www.dotnetnuke.com/Community/Forums/tabid/795/forumid/118/threadid/227881/scope/posts/Default.aspx) via 3rd party modules, perhaps that's at the root of your problem.

Cathal


Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
6/2/2008 7:48 PM
 

Brian, I checked with sourceforge statistics (http://sourceforge.net/project/stats/detail.php?group_id=77052&ugn=dnn&type=prdownload&mode=alltime&package_id=77939&release_id=602419) and theres been 16000+ downloads of 4.8.3, and I can't find anyone else reporting your issue, so it looks like it's something particular to your setup. I'd recommend checking your database and any common components such as httphandlers, url rewriters etc.

Cathal


Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...4.8.3 update: what changed?4.8.3 update: what changed?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out