As a courtesy to our customers, we maintain a list of recent versions and the important security updates for DNN / DotNetNuke. Generally, the most current version of your CMS is the most secure, but if you have an older version of your CMS, it can be hard to find information on whether your version is secure or not.
Bookmark this KB, and we will continue to update it with the most current secure version information.
What is the latest secure version of DNN?
DNN 8.0.4 — Security Update
DNN version 8.0.4 is a security update for the DNN / DotNetNuke 8.x series that addresses several security vulnerabilities ranked from "low" to "medium" by the DNN Software team. According to the security bulletin, these vulnerabilities include:
- 2016-07 (Low) Image files may be copied from DNN's folder to anywhere on server
- 2016-08 (Low) Certain keywords in search may give an error page
- 2016-09 (Medium) Non-Admin users with edit permissions may change site containers
- 2016-10 (Low) Registration link may be used to redirect users to external links
More information can be found in the DNN 8.0.4 security bulletin here, and if you want in-depth information on these security vulnerabilities, you can read a detailed breakdown of each of them in the DNN Security Center here. If you'd like to do a deep dive into the full release notes, check out the DNN Platform 8.0.4 update documentation here.
DNN 8.0.3 — Security Update
DNN version 8.0.3 is an important security update that addresses — once again — the issue with the InstallWizard.aspx file(s) which was first identified and classified as "critical" in May, 2015. We first reported on this issue more than a year ago; however, recently the issue has cropped up again and is affecting several people in the DNN community and their DNN sites.
Whether a full regression or not, it is important to note that this is still an issue. If you have not updated your site and followed the recommended best practices we have outlined, please do so to help close this critical vulnerability on your sites. You can read our original article on the issue here, which our team has updated to include the latest information on how to combat this problem.
DNN 8.0.2 — Security Update
DNN version 8.0.2 is an important security update that addresses a recently identified vulnerability in the DNN 8 core. With a severity classified as "Critical" by DNN Software, this exploit could allow unapproved file uploads by unauthenticated users. This vulnerability affects the following versions: DNN Platform 8.0, DNN Platform 8.0.1, Evoq 8.3, Evoq 8.4 — if you use any of those versions, it is strongly recommended that you update immediately to mitigate the possibility of malicious attacks. Updating to the latest versions — DNN Platform 8.0.2 or Evoq 8.4.1 — will patch this vulnerability. For more information, read the official security release announcement here.
DNN 8.0.1 — Security Update
DNN 8.0.1 is a security release to the DNN 8x series. This minor update addresses three identified vulnerabilities classified as "Low" on the potential threat scale, and one classified as "Critical." The critical vulnerability involves a "Potential CSRF issue on WebAPI POST requests." More information on the 8.0.1 release can be found on the official security bulletin here.
DNN 8.0 — Major Update*
DNN 8 is a full-version upgrade to the popular DNN / DotNetNuke platform. Described as "a major leap forward for DNN" by DNN Software, this version takes a step away from the past while working toward the future. As part of that cleanup, the decision was made to remove many old features of DNN that are no longer used. To that end, the following have been removed from DNN core in the 8x series: SiteLog, UsersOnline, Newsletter Module, Vendors/Banners Modules, ASP2MenuNavigationProvider, DNNMenuNavigation Provider, DNNTreeNavigationProvider, RequestFilter, Widget Framework, and Users Online. Some of the removed features will be moved to GitHub for use by the community.
DNN 8 has a strong focus on improving the overall performance of the platform. Bottlenecks were addressed, static files are now handled differently, and load has been addressed to improve performance, particularly with changes implemented to ensure the best handling of ASP.Net code vs. static code.
For more information on DNN 8, read the official release announcement here, or consult the CodePlex release here.
While the DNN 8x series is the most current major release of the DotNetNuke platform, the Managed.com and PowerDNN team — along with the DNN community — has noted several issues in DNN 8 that should give someone pause before a full update is considered. Yes, our team can help you with your DNN upgrades; however, before making the jump into DNN 8, we recommend you read our knowledge base article: DNN 8 - Features and Breaking Changes. For more information, see the note in our 7.4.2 version log below.
DNN 7.4.2 — Maintenance Update*
DNN 7.4.2 picks up where 7.4.1 left off in stabilizing the 7.4.x series. Version 7.4.2 fixes multiple issues, including: lists in custom registration forms, ignore words in Italian and French, multi-language site rules, malformed URL return parameters, corrections to SSL offload environments, and an issue where site settings could be duplicated. More information on the 7.4.2 release can be found here.
The DNN 7.4.2 release is regarded as the most stable version of the DNN / DotNetNuke platform. Our team can certainly perform an upgrade to DNN 8 for you; however, there are several major changes within the platform that you should consider before deciding to update your site. Due to the multiple issues identified in the DNN 8x series, we recommend you familiarize yourself with the changes our team has outlined in our knowledge base article: DNN 8 - Features and Breaking Changes.
If, however, you are a professional developer or seasoned DNN / DotNetNuke pro, and you feel comfortable with it, then go for it — knowing full well you may have some complications to overcome. If you are unsure or hesitant about what effects DNN 8 may have on your existing site, we recommend updating no further than 7.4.2 at this time. All Managed.com and PowerDNN customers may, of course, open a ticket to speak with our support team about updates.
If you are building a new site from the ground up, however, you are fine to use the most current, secure version of the DNN 8x series. Many of the breaking complications come up through updating a site, and do not seem to be present if building a new DNN 8 site from scratch.
DNN 7.4.1 — Maintenance Update
DNN 7.4.1 is solely a stabilization update intended to address the bulk of the issues found in 7.4. More info about 7.4.1 can be found here.
DNN 7.4 — Features Update
While DNN 7.4 has been released, our engineers are not actively recommending it at this time. Due to several errors and technical issues discovered since its release, we still recommend that DNN users stick with version 7.3.3 for stability and usability reasons. If you are an experienced DNN developer, you may feel perfectly comfortable upgrading to 7.4. More information on DNN 7.4 can be found here.
DNN 7.3.3 — Maintenance Update
DNN version 7.3.3 is a maintenance release that addresses several fixes in the DNN / DotNetNuke core. Items addressed include: an issue where notifications were not updating properly, issues with upgrades failing, a minor security issue, and several other tweaks and enhancements. For more information on the 7.3.3 release, view the highlight notes here.
DNN 7.3.2 — Maintenance Update
DNN 7.3 — Insecure
While DNN 7.3 includes many new features, our team of engineers — and the DNN / DotNetNuke Community — has found numerous issues with this update. While these errors are not "full regressions," they do potentially pose a problem to your DNN site. Our recommendation is to wait for DNN 7.3.2. You can find out more about our reasons here.
DNN 7.2.2 — Security Update
DNN 7.2.1 — Security Update
This version of DNN was released only six weeks after 7.2, and includes "significant value in the areas of security, performance, and user experience." Full details for the 7.2.1 update can be found in the release notes here. DNN 7.2.2 includes maintenance tweaks and new features for users. More information can be found here.
DotNetNuke 6.2.8 makes your website social. You can build social communities using new features such as Facebook Login, Social Groups, Member Directories, Activity Feeds, and much more. DotNetNuke 6.2.8 has been thoroughly tested and is recommended for production.
If you are running a DotNetNuke 6.x release prior to version 6.2.8, we recommend upgrading to patch security issues.
While DotNetNuke 5.6.8 is a stable and secure version, DotNetNuke Corporation no longer actively enhances it. Customers who run DotNetNuke 5.6.8 should consider upgrading in the near future.
Don't See Your Version Here? You Need To Upgrade
If you do not see your version of DNN / DotNetNuke here, you should upgrade immediately for the latest security and performance benefits. Certain older versions of DotNetNuke may contain critical security vulnerabilities.