DNN / DotNetNuke / Evoq — Secure and Latest Versions

DNN
 
 
As a courtesy to our customers, we maintain a list of recent versions and the important security updates for DNN / DotNetNuke. Generally, the most current version of your CMS is the most secure, but if you have an older version of your CMS, it can be hard to find information on whether your version is secure or not.
 
For the most recent version of DNN, please visit DNN Software's website.
For other versions of DNN & full patch notes you can reference the Official DNN Github Page
 

What is the latest secure version of DNN?

DNN 9.13.3 — Minor Feature Updates & Bug Fixes
 
DNN 9.13.3 is a minor update to the platform
 
Notable Changes
 
  • Updated several dependencies
  • Bug Fixes
 
DNN 9.13.2 — Minor Feature Updates & Bug Fixes
 
DNN 9.13.2 is a minor update to the platform
 
Notable Changes
 
  • Added file open command to Resource Manager
  • Bug Fixes
 
DNN 9.13.1 — Minor Feature Updates & Bug Fixes
 
DNN 9.13.1 is a minor update to the platform
 
Notable Changes
  • Improved Logging
  • Improved Caching in multiple areas
  • Updated depdencies
  • Bug Fixes
 
DNN 9.13.0 — Feature Updates & Bug Fixes
 
DNN 9.13.0 is a major update to the platform
 
Notable Changes
 
  • CKE added option to allow file browsers by permissions
  • Updated SMTP Provider to support OAuth Authentication
  • Updated several dependencies
  • Bug Fixes
 
DNN 9.12.0 — Minor Feature Updates & Bug Fixes
 
DNN 9.12.0 is a minor update to the platform
 
Notable Changes
 
  • Added new Google Analytics Connector
  • Bug Fixes
 
DNN 9.11.2 — Minor Feature Updates & Bug Fixes
 
DNN 9.11.2 is a minor update to the platform
 
Notable Changes
 
  • Added UserID to the Users module
  • Minor Scheduler Adjustment
  • Bug Fixes
 
DNN 9.11.1 — Minor Feature Updates & Bug Fixes
 
DNN 9.11.1 is a minor update to the platform
 
Notable Changes
 
  • Minor updates to the newly implemented Resource Manager
  • Minor updates to several dependencies
  •  Bug Fixes
 
DNN 9.11.0 — Feature Update
 
DNN 9.11.0 is a major update to the platform
 
Notable Changes
 
  • Optional Telerik Removal. Telerik can still be used for modules that have a dependency on it. But, it will not be included in a fresh install
  • Resource Manager (file management) has been redeveloped from the ground up.
  • Performance Improvements. Updated a large number of dependencies, including Newtonsoft.Json & PetaPOCO.
  • Minor Bug Fixes
 
DNN 9.10.2 — Minor Feature Update
 
DNN 9.10.2 is an update to the minor version of the platform.
 
Improvements
  • Corrects some styling issues with IE11
  • Corrects a typo in CKEditor for dnnpages plugin in french
  • Allows multiple DesktopModules per PackageID
  • Removes module specific styling for a default DNN Button
  • Removes of "Dummy" from code
 
Fixes
  • Fixes a serialization issue with authentication config
  • Fixes an issue that prevented inserting links using the default HTML Editor Provider
  • Adds back alternate views for core mail provider
  • Fixes an issue where custom Analyzer types generate System.MissingMethodException
  • Fixes an issue where it was impossible to edit html on child portals
  • Fixes an issue where the wrong RedirectAfter tabs were showing for localized sites
 
DNN 9.10.1 — Minor Feature Update
 
DNN 9.10.1 is an update to the minor version of the platform and includes a fix for a known, undisclosed security issue.
 
Fixes
  • Fixes an issue where deleting the parent page while the child page was open didn't redirect
  • Fixes an issue where dnn.js was not requested for cookie consent
  • Fixes an issue where the wrong PortalId was getting set when there were multiple sites existing
  • Fixes an issue where some field values were missing in messaging
 
DNN 9.10.0 — Minor Feature Update
 
DNN 9.10.0 is an update to the minor version of the platform.
 
Features
  • Adds support for Azure folder provider cache-control
  • Improves base styling of PersonaBar & EditBar and allows for customization
  • Brings back update notification
  • Adds Web.config schema validation to the Configuration Manager
  • Adds support for absolute and relative URLs for pages
Improvements
  • Adds email to password sent message for error tracing
  • Improves wording on Site Groups localization
  • Clarifies text on module anchor feature
  • Improves validation of IP address for login
  • Removes the logo from the Under Construction page
  • Enhances styling for server summary in persona bar
Fixes
  • Fixes an issue where disabling password strength meter did not disable it in the password reset form
  • Fixes an issue where MailKitMailProvider used an incorrect mail priority
  • Fixes an issue where FolderManager would sometimes throw a null reference exception
  • Fixes an issue where some tool-tips were not visible in SiteGroups
  • Fixes an issue where the HTML Editor Manager would fail to load
  • Fixes an issue with RedirectAfter settings being overwritten
  • Fixes an issue the prevented uploading files into assets on Turkish localization
  • Fixes an issue where Breadcrumbs had invalid metadata for disabled pages
  • Fixes some typos in Prompt localization
  • Fixes an issue where exporting a page after changing a module's order within the same pane didn't reflect in imported site
  • Fixes an issue where Cache-Setting 'NoCaching' was not saved
  • Fixes an issue where UserInfo.UserName was wrong with "Use email as username" setting turned on
  • Fixes an issue where SQL Console raised an error for variable declarations with "@" character
  • Fixes an issue where the profile picture was not shown to anonymous users
  • Fixes an issue that prevented RC1 from installing or upgrading
 
DNN 9.9.1 — Minor Feature Update
 
DNN 9.9.1 is a minor update to fix existing bugs and add two new features.
 
Features
  • Adds support for Page Stylesheets stored in AzureFolderProvider
  • Adds capability to add existing modules from other sites in site group
Fixes
  • Fixes an issue where AzureFolderProvider was uploading the same file with different case
  • Fixes an issue where the PersonaBar would not load if in an iframe
  • Removes the extra hard-coded spaces from UserAndLogin Theme Object
  • Ensures the content is decoded before being passed to tokenization providers
  • Fixes an issue where checksums where not generated in CI builds
  • Fixes an issue where CK-Editor provider did not include image files in install package
  • Fixes redirect to primary alias when PortalAliasMapping is set to redirect
  • Fixes upgrade issue involving MailKit by including it in a package
  • Fixes an issue that prevented MailKit configuration upon some upgrades
 
DNN 9.9.0 — Minor Feature Update
 
DNN 9.9.0 is an update to the minor version of the platform and, importantly, adds the ability to remove all Telerik references from the framework.
 
Features
  • Adds optional Telerik removal
  • Adds support for additional mail providers
  • Adds new Quick Add Module option from the edit bar
  • Adds optional EasyImage upload in CK Editor plugins
  • Adds new Web Servers tab in Servers persona bar module
Improvements
  • Updates CK Editor to version 4.15.1
  • Updates Azure connector logo to current logo
Fixes
  • Fixes an issue where it was impossible to create a page of type "file"
  • Fixes an issue where page redirect always returned 301 (permanent) regardless of setting
  • Restores Mail.ConvertToText method that was accidentally removed
  • Fixes an issue with PortalInfo.PortalId by removing a member that varied only by case and caused issues with case insensitive languages
  • Properly show errors as an error and not a success in log settings
  • Resolves an issue where new sites could not be created due to missing sitemap settings in the sites templates
  • Fixes a caching issue in TermsController
  • Resolves issue with lowercase URL's and account verification
  • Fixes an issue with DnnImageHandler when the file-path had mixed casing
  • Fixes an issue with the link popup in the new CK Editor version
  • Fixes an issue where users where unable to upload files when there was an unexpected line break at allowable file extensions
  • Fixes an issue where sitemap priority was incorrectly defaulting to 0 for new pages instead of 0.5
  • Fixes an issue where MailKit was missing BouncyCastle.Crypto reference
  • Fixes an issue that prevented Google Tag Manager to create scripts and delete connections
  • Fixes an issue where BCC and CC where not applied on emails
  • Adjusts mailkit provider to automatically handle TLS negotiation
  • Optimizes images compression
  • Addresses a potential email parsing error
  • Removes the samples folder from CKEditor
 
DNN 9.8.1 — Minor Feature Update
 
DNN 9.8.1 is a minor update to fix existing bugs and add several new features.
 
Features
  • Adds Page ID to the Page Management UI
  • Adds google tagmanager connector
  • Implements EnablePopups switch in portal settings PB module
  • Adds InjectModuleHyperlink and InlineEditorEnabled to the SiteSettings module
Improvements
  • Ensures comments are only inserted when necessary in web.config
  • Changes WebConfigurationManager for ConfigurationManager allowing users to implement the connection string is AppService and remove it from the web.config
  • Improves error message when uploading an invalid extension
  • Prevents caching pages that are redirected
  • Removes dragover state from element when dragged between pages
  • Updates the monaco font so it uses a monospace font
  • Removes "Running Default" check from Default.aspx
  • Avoids checking user permissions if there is no user
Fixes
  • Fixes an issue where redirect after login would not work if the login page had a different name than "login"
  • Fixes an issue where the country/region lists would show the id instead of the name when used by keyboard
  • Fixes an issue where creating multiple pages would not properly validate for a valid parent page
  • Corrects a wrong tooltip about SEO page priorities
  • Resolves all build warnings in Google Analytics Connector
  • Removes an impractical rule about merging pull requests
  • Resolves an InvalidData exception in DFS environments when exporting sites
  • Fixes an issue where the registration module would use the incorrect language
  • Fixes an issue with SCAYT getting the wrong language code
  • Fixes an issue where the data reader would not get disposed
  • Fixes an issue where the validation lines where incorrect for the new password field
  • Fixes DataProvider failures
  • Ensures properties in DTO objects use backing fields. This cause localization issues with serialization
  • Fixes AddContentItem Audit Trail for CreatedByUserId & LastModifiedByUserId
  • Fixes an issue where Umlaut characters in URL caused module setting error
  • Fixes a wrong sitemap configuration on portal creation
  • Reverts a commit that caused issues with language cookies
  • Fixes an issue where the AssemblyInstaller would fail removing a dll if it was already missing from disk
  • Fixes an issue where denying the ADD permission for a role on an asset would make it invisible to users on CKE Editor
DNN 9.8.0 — Feature Update
 
DNN 9.8.0 is a major feature update that features a large number of bug patches, a new optional file manager called Resource Manager, the ability to edit the robots.txt file in the user interface, and allows a developer to remove Telerik dependencies from the DNN framework entirely if desired.
 
Features
  • Implements a new optional file manager called Resource Manager
  • Adds host setting option and ability to use settings outside module context
  • Adds support for editing the robots.txt on a website
Improvements
  • Implements Email Provider support
  • Adds support for C# Async Constructs During Page Rendering
  • Replaces momentjs with dayjs in Servers.Web
  • Replaces momentjs with dayjs in Users.Web
  • Removes all unused code from Upgrade/Installer Code
  • Removes the Improvement Program
  • Adds a scheduled task to purge Expired JWT tokens
  • Adds portal name to SMTP test email for better identification
  • Swapps CodeMirror for Monaco Editor
  • Removes Telerik references
  • Adds personaBarContainer css class together with incorrect personalBarContainer
  • Lowercases the meta tag names in rendered html
  • Updates DDR Menu to be System Package and prevent accidental uninstallation
  • Refactors JWT provider code
  • Upgrades optional packages when they've already been installed
Fixes
  • Fixes an issue where modules without a minifest would not follow Dnn versioning
  • Fixes a UI alignment issue with Search Results
  • Fixes an issue where all emails where missing the body
  • Fixes an issue where new users would have no preferred locale
  • Fixes an issue where newly created sub-folder was not shown if the parent folder name starts with 0
  • Fixes an issue where the module friendly name was not updated as part of module extension update
  • Fixes an issue where is was not possible to set page permissions for "unauthentication users" role
  • Fixes a styling issue for checked Accept License checkbox in Extension installer
  • Fixes an issue where the React common components would interfere with container CSS class
  • Fixes an issue where module dialog added new module to wrong pane
  • Fixes an issue where the incorrect icon would show for errors in the Pages module
  • Fixes an issue where Dnn would not install due to a missing config file
  • Fixes an issue where some Visual Basic modules would fail due to members that differed only by case
  • Removes beacon setting on upgrade
  • Fixes an issue with module pane placement after export/import
  • Fixes an issue where 09.07.03.config was not included in the project
  • Fixes an issue that would cause an infinite redirect loop on mobile
  • Fixes an issue where some dates where not parsed with invariant culture which caused issues for non-Gregorian calendars
  • Fixes an issue where the Event Log would fail silently during application startup
  • Fixes an issue where page title and description would get saved with site values unintentionnally
  • Fixes an issue with profile image visibility
  • Fixes an issue where line breaks and year tokens would not be properly formatted in Social Messaging
  • Ensures new Localization HTTP module is running soon enough
  • Removes Localization HTTP module from config
  • Fixes Localization Issues in WebAPI
  • Fixes the web.config errors for the new Localization module
DNN 9.7.2 — Minor Feature Update
 
DNN 9.7.2 is a minor update to fix existing bugs.
 
Improvements
  • Creates IPortalAliasService for Dependency Injection
  • Moves pencil icon to the right ... menu in pages module
  • Implements sorting in column headers on the users table
  • Uses request scope in PortalModuleBase
  • Changes 'DNN Error' to 'Application Error'
  • Adds the ability to set mobile view cookie name in root web.config
  • Warns admins about running search indexer on wrong server
Fixes
  • Fixes an issue where page went into wrong workflow state after import
  • Fixes an issue with user management in portal groups
  • Fixes bug with hierarchical vocabularies
  • Fixes an issue where a new page was created by "Add page", the "Advanced/More/Secure Connection" property was always stored as "Off", regardless of the setting in the UI
  • Fixes an issue in creating multiple pages validation passed with same page name on same hierarchy
  • Fixes an issue that prevents 9.7.0 to 9.7.1 upgrades
DNN 9.5.0 — Feature Update
 
DNN 9.5.0 is a major feature update that fixes numerous bugs in the DNN platform
 
Features
  • Added support for SSL offloading values in headers
  • Added a new banned icon to indicate unauthorized users
  • Added glob pattern support to manifest file cleanup component
Improvements
  • Ensures just setting the timezone prop in settings does not save to the database until a save is requested
  • Improved display of journal links and comments (word wrapping)
  • Improves display of missing language flags
  • Moved email and display name above username and password in registration form
  • Made form messages 100% width for better responsive alignment in modules
  • Updated several localization texts to better represent current Dnn UI
  • Bumped jQuery and jQuery related plugins versions
  • Improved progress bar on translation progress
  • Fixed a typo FreindlyName => FriendlyName
  • Ensures that a user is read from data store before we use it in mail
  • Improved display of import progress
  • Fixed a typo in Azure folder settings Syhchronization => Synchronization
  • Updated Blueimp uploader to the latest version
  • Enhanced robots.txt to better support modern development practices
  • Removed Dnn Copyright injection
  • Changed cache-busting URLs to use a hash
  • Improved performance in the pages treeview
  • Improved performance of core messaging
Fixes
  • Fixed an issue when logging 404 errors with invalid UrlReferrer
  • Fixed an issue where the login page would go into an infinite loop in SSL offloaded environments
  • Fixed an issue where in some cases it was impossible to edit module settings after moving a module to another page
  • Fixed an issue where PageTags where created in the wrong vocabulary scope
  • Fixed an issue where module settings would not save under some conditions
  • Fixed multiple issues with wrong mapping of Canonical and None mapping types
  • Fixed an issue that would show an error when trying to delete a localized version of the home page
  • Fixed an issue where the wrong CDN protocol was used under SSL Offloading environments
  • Fixed an issue where opening page settings would sometimes show the settings for another page
  • Fixed a display issue of Enabled and Priority in sitemap settings
  • Fixed an issue where it was not possible to get the module ID properly when redirect mixed case URLs was enabled
  • Changed the update service URL to a new service
  • Fixed an issue where the wrong portal alias was used when adding new languages
  • Fixed an issue where the wrong alias would show when editing portal URLs
  • Restored a resource key that was accidentally deleted as part of GDPR
  • Fixed an issue where connectors would change name upon disconnection or when adding multiple connectors
  • Fixed an issue where pages in redirect mode would not work under SSL Offloaded environments
  • Fixed module find logic in module attribute to not return deleted modules
  • Fixed an issue with using dependency injection in MVC modules
  • Fixed an issue where the Console and Module Creator modules would not install
  • Fixed an issue where page tags where not kept when exporting a site and importing it on another instance
DNN 9.4.4 — Minor Feature Update
 
DNN 9.4.4 is a minor feature update that fixes a bug in the DNN platform
 
Fixes
  • Fixed a regression issue where MVC modules could have a memory leak issue
 
DNN 9.4.3 — Minor Feature Update
 
DNN 9.4.3 is a minor feature update that fixes several bugs in the DNN platform
 
Improvements
  • Allows changing from email while testing SMTP configurations
Fixes
  • Fixed a regression issue where modules that use friendly Urls stopped working in 9.4.2
  • Moved country above region in user profile so the region dropdown populates with correct value for the selected country
  • Fixed an issue where it was impossible to delete a social role if the group folder was not empty
  • Fixed an issue where Select All was not working in site assets
  • Fixed an issue where the scheduler would fail when trying to delete removed objects
  • Fixed a work breaking issue in the journal
  • Fixed an issue in the Servers Persona Bar module where the underlaying page would not reload when requested to
  • Fixed an issue where auto-generated child portal urls would include invalid alphanumeric characters
  • Fixed an issue where the google analytics connecor would incorrectly lowercase the trackingId value
Known Issues
  • There is currently a possible memory leak issue with MVC modules
 
DNN 9.4.2 — Minor Feature Update
 
DNN 9.4.2 is a minor feature update that adds functionality to the DNN platform
 
Improvements
  • Usernames are no longer changed to the emails when the settings required the email as username
  • Added a warning during install/upgrades that .Net Framework 4.7.2 is required if not present
  • Added a tooltip to indicate to use about 60 characters for best SEO on site descriptions
  • Remove Thread Cancellation from OAuthClientBase Implementation
  • Created INavigationManager to replace Globals.NavigateURL to use Dependency Injection
  • Improvements with module permissions when copying modules
  • Whitespace is now properly visible in the log viewer
  • Removed "No Search Results" display before any search is performed
  • Improved install process to use managedPackage for library dependencies
  • Made navigation stays on same page after creating a new group instead of redirecting to the group page
Fixes
  • Updated default portal template so it provides default permissions on portal folders
  • Fixed an issue where site settings where not working after setting up "PRIVACY" section on multi language sites
  • Fixed an issue where sending multiple emails with attachments would fail
  • Fixed an issue where the validation of alphanumeric characters for password requirements was wrong
  • Fixed an issue where it was impossible to remove a site logo
  • Fixed issue where vocabularies would cause an infinite loop
  • Fixed an issue where users could not verify their account if they lost their original account verification email by adding a resend verification link to the unverified account message
  • Prevents creation of blank role group names
  • Fixed a memory leak issue with web api modules
  • Fixed an issue where module settings dialog could not be opened if urls where converted to lower case
Known Issues
  • It appears we might have an unwanted breaking change in DotNetNuke.Services.Url.FriendlyUrl.FriendlyUrlProvider.FriendlyUrl. If you have modules that use this API you may need to recompile them adding a reference to DotNetNuke.Abstractions.dll or wait for a resolution on this issue.
 
DNN 9.4.1 — Minor Feature Update
 
DNN 9.4.1 is a minor update to the platform that focuses heavily on bug fixes
 
Improvements
  • Added missing html encoding to exceptions in the Admin Log
  • Added a warning when installing or upgrading if the environment does not have .Net Framework 4.7.2 available
  • Added a confirmation message after localization is saved
Fixes
  • Fixed an issue where the assets manager activity wheel would constantly spin
  • Fixed a potential xml namespace bug in web.config
  • Fixed invalid binding redirects when upgrading to Dnn 9.4.0
  • Corrected the DotNetNuke.Core NuGet package
  • Fixed a null reference exception when calling Globals.LinkClick method
  • Fixed an issue opening module settings due to selectize.js duplicate versions
  • Fixed an issue with DDRMenu Razor templates and Dependency Injection
  • Fixed an issue with jQuery browser detection
  • Fixed several bugs around import/export
  • Fixed an issue where the standalone version of selectize.js was not used when obtained by CDN
  • Fixed an issue that prevented importing portal languages correctly
  • Fixed an issue with import/export of deleted modules
  • Fixed an issue where the upgrade to 9.4.0 would not save the new version in the database and would redirect to the upgrade wizard
  • Fixed an issue where the print container action would not work
  • Fixed an issue where the data consent last changed date would not read/save consistently in some cultures
  • Fixed an issue where the smtp server tab would always show a separator line
  • Fixed an issue with tab sorting before serialization during export
  • Fixed an issue where the web server dropdown was failing in the scheduler
  • Fixed an issue where the admin log would not include line breaks properly
  • Fixed an issue where it was impossible to set email address as username to ON
  • Fixed an issue with IP filters settings display
  • Fixed an issue where the wrong portal would should in portal settings
  • Fixed an issue where modules would get duplicated when localized
  • Fixed an issue where the wrong overflow was applied to the body after closing the persona bar
  • Fixed an issue where () characters where not replaced in URLs and improved the error message about the situation
  • Fixed an issue that prevented the Persona Bar to upgrade correctly to 9.4.0
  • Fixed an issue where the CkEditor provider would have the dll twice in the install package
 
DNN 9.4.0 — Feature Update
 
DNN 9.4.0 is a feature update that adds functionality to the DNN platform
 
Improvements
  • Minimum required .NET framework changed to 4.7.2
  • Added GDPR data consent functionality
  • Added Dependency Injection and Removed Circular Dependencies in all Module Pipelines
  • Updated all C# projects in the platform to compile under C# 7.0
  • Replaced JRE based YUI Compressor with MSBuild version
  • Made the Default Module Action Menu configurable
  • Removed GetAzureCompactScript from SqlDataProvider
  • Added setting to display search result for users in specific roles
  • Added functionality to force user logout after password changed in other place
  • Updated "About" information for DNN Platform to be more relevant and current
Fixes
  • Corrected file access issues
  • Dependencies will now load during startup even if one fails
  • Fixed an issue where deleted pages would show in parent page selector
 
DNN 9.3.2 — Minor Feature Update
 
DNN 9.3.2 is a minor feature update to the platform that adds functionality to the DNN platform
 
Improvements
  • Added a placeholder to avoid the delayed slide effect when loading the PersonaBar
  • Secuirty Analyzed now displays the full path to make it easier to find suspicious files identified
  • Azure folders in Digital Assets open faster
  • Uses source-map for webpack config
Fixes
  • Fixed an installation issue on lower performance database servers
Known Issues
  • The ability to localize the default site into various languages at initial installation is currently non-functional. This is due to issues in the remote data-service provided by Dnn Corp.
Anything below DNN 9.3.2 is considered insecure, due to exploits that were found after their release
 
For information regarding releases older than DNN 9.3.2. Please reference the Official DNN Github Page
 
Article ID: 2026, , Modified: June 26, 2024 at 4:03 PM

Add Feedback

Was this article helpful?

Share this article

Print