@galatrash galatrash released this Dec 7, 2017 · 8 commits to master since this release

Assets 3
  • This build automatically applies missing Telerik's security related web.config entries. Upon first load of Security Analyzer, you may see Telerik web.config related warning. The warning should go away after a page refresh.

  • Often Security Analyzer timed out during first load on sites with larger number of files. We have moved that functionality out. Now, you can click on a button to run that separately. We are seeing running it manually to be not causing any timeouts.
    hiddenfilescheckbutton

@ashishpd ashishpd released this Sep 16, 2017 · 25 commits to master since this release

Assets 3

Security Analyzer can warn if your DNN site is using an insecure version of Telerik.Web.UI.DLL. Recently, we released an updated version of this DLL. The Security Analyzer had to be updated as well to register the new version of this assembly.

The following changes went into this release:

  • Ignoring deleted Super Users from the "Check if superusers are not regularly changing passwords" check (pull request #26 ).
  • Remove unnecessary exceptions in the "Check for extra disk/folders access" where site didn't have ANY permission to few folders (pull request #19 ).
  • Updated the checks to take into consideration the latest Telerik patch (HotFix2017.1-1.2.0).
  • Automatically create Telerik.Upload.ConfigurationHashKey web.config entry when not present.

More details about the reasons behind this update can be found here: http://www.dnnsoftware.com/community-blog/cid/155449/critical-security-update--september2017

@ashishpd ashishpd released this Jul 27, 2017 · 41 commits to master since this release

Assets 2

This release is a quick follow on to the 8.1.0 release done a day earlier. It has the following changes:
SecurityAnalyzer_08.01.01_Install.zip

  1. Auto add Telerik key
  2. Better error handling
Assets 3

This release of Security Analyzer provides fix for the critical security issue - 2017-08 (Critical) - Possible remote code execution on DNN sites. Tool should be applied on ALL DNN and Evoq versions 5.6.2 up until 9.1.1.

More details about the tool can be found here:
http://www.dnnsoftware.com/community-blog/cid/155438/new-release-of-dnn-security-analyzer

@ashishpd ashishpd released this Jun 9, 2016 · 87 commits to master since this release

Assets 3

SecurityAnalyzer_08.00.02_Source.zip
Last year we released a stand-alone security tool to check if your DNN site is configured correctly from security point of view. This tool was very well received by our customers and community. In light of the recent security incident on DNN sites, we decided to update this tool to detect additional misconfigurations.

More details here: http://www.dnnsoftware.com/community-blog/cid/155364/updates-to-security-analyzer-tool

@jbrinkman jbrinkman released this Jun 7, 2016 · 103 commits to master since this release

Assets 3

The DNN Security Analyzer is a module aimed at helping you to improve the security on your DNN website. This initial version of the module automatically resolves a recently discovered issue with the InstallWizard and provides helpful guidance on other potential configuration issues which might leave your site vulnerable. In addition this release includes the ability to scan your database and files for a specific word or phrase which is useful to help track down defacement issues on your site.

This module will become a standard part of the DNN Platform distribution starting with DNN 7.4.1. We wanted to get this module into the community's hands as quickly as possible and have made this version compatible with DNN 6.2.0 and above.

audit checks

@kanm2015 kanm2015 released this Jan 19, 2016 · 131 commits to master since this release

Assets 3

This is a small release to fix a resx key.

@jbrinkman jbrinkman released this Sep 17, 2015 · 135 commits to master since this release

Assets 3

This is a small release to fix the module icons. This also fixes some packaging issues.

May 16, 2015
update manifest to indicate the module is azure compliant