- Added MIT License file
- Added support for RTL languages
- Added check for Dnn 9
- Performance improvements
If you are using Dnn 9, do not install this module, the new security analyzer is built in the Persona Bar since Dnn 9.
If you are upgrading a Dnn site to Dnn 9, this module should be uninstalled since the new security analyzer is built in the Person Bar since Dnn 9.
This build automatically applies missing Telerik's security related web.config entries. Upon first load of Security Analyzer, you may see Telerik web.config related warning. The warning should go away after a page refresh.
Often Security Analyzer timed out during first load on sites with larger number of files. We have moved that functionality out. Now, you can click on a button to run that separately. We are seeing running it manually to be not causing any timeouts.
Security Analyzer can warn if your DNN site is using an insecure version of Telerik.Web.UI.DLL. Recently, we released an updated version of this DLL. The Security Analyzer had to be updated as well to register the new version of this assembly.
The following changes went into this release:
- Ignoring deleted Super Users from the "Check if superusers are not regularly changing passwords" check (pull request #26 ).
- Remove unnecessary exceptions in the "Check for extra disk/folders access" where site didn't have ANY permission to few folders (pull request #19 ).
- Updated the checks to take into consideration the latest Telerik patch (HotFix2017.1-1.2.0).
- Automatically create Telerik.Upload.ConfigurationHashKey web.config entry when not present.
More details about the reasons behind this update can be found here: http://www.dnnsoftware.com/community-blog/cid/155449/critical-security-update--september2017
This release is a quick follow on to the 8.1.0 release done a day earlier. It has the following changes:
- Auto add Telerik key
- Better error handling
This release of Security Analyzer provides fix for the critical security issue - 2017-08 (Critical) - Possible remote code execution on DNN sites. Tool should be applied on ALL DNN and Evoq versions 5.6.2 up until 9.1.1.
More details about the tool can be found here:
Last year we released a stand-alone security tool to check if your DNN site is configured correctly from security point of view. This tool was very well received by our customers and community. In light of the recent security incident on DNN sites, we decided to update this tool to detect additional misconfigurations.
The DNN Security Analyzer is a module aimed at helping you to improve the security on your DNN website. This initial version of the module automatically resolves a recently discovered issue with the InstallWizard and provides helpful guidance on other potential configuration issues which might leave your site vulnerable. In addition this release includes the ability to scan your database and files for a specific word or phrase which is useful to help track down defacement issues on your site.
This module will become a standard part of the DNN Platform distribution starting with DNN 7.4.1. We wanted to get this module into the community's hands as quickly as possible and have made this version compatible with DNN 6.2.0 and above.