All DNN editions since DNN 5.2 are affected, however the patch will only address the issue for DNN installations from DNN 7.1.2 through DNN 9.0.2. For versions between and including DNN 5.2 and DNN 7.1.1, site administrators will need to upgrade to DNN 7.1.2 or later to be protected. It is recommended that the patch be installed for any DNN versions 7.1.2 and later.
HOW MANAGED.COM PROTECTS YOU: Our team has implemented a way to apply the patch through our Control Suite product. If you are hosted by us in our shared-hosting environment, we will be implementing the patch for you. If you have a dedicated server with us that has Control Suite on it, you will also be protected by us administering the patch automatically. For those customers in a web-farm environment, the patch will need to be administered manually.
DNN released information about the patch including a brief FAQ this morning which can be found at
this post. In it they detail how to install the patch and their recommendation to use their Security Analyzer tool to verify if a site is protected from this and other known vulnerabilities.
DNN Software appears to be keep the details of this vulnerability low-key as a protection.
Have a shared hosting website with us? You’re covered, depending on your version of DNN
As soon as the details of the vulnerability were made available, our team immediately assembled to come up with a solution that would best protect our customers.
If you have a shared hosting website plan with us and your site is DNN 7.1.2 or later, you’re already protected. We have already begun to implement the hotfix patch at the server level on all of our shared hosting servers. By the time you read this the process will likely already be complete, the hotfix will be applied across our shared server inventory, and your site will be safe from this vulnerability.
If you have a shared hosting website plan with us and your site is DNN 5.2 to DNN 7.1.1, this patch will not protect you until your site is updated to DNN 7.1.2 or later. To protect your site, you may attempt to update the site yourself or initiate a Support ticket with our team to upgrade your site for you using our
Standard Upgrade service or
Staged Upgrade service. Upgrading your site will allow the patch to protect your site from this vulnerability as well as several other identified security issues.
If your site is a version of DNN earlier than DNN 5.2, we strongly suggest that you upgrade your site, although your site wouldn't be susceptible to this particular vulnerability.
Have a dedicated server or VPS plan with us? If you have Control Suite, our fix will be applied depending on DNN version.
If you have a site on a dedicated server/VPS with us that has Control Suite and your site is DNN 7.1.2 or later, you’re already protected. We have already begun to implement the hotfix patch at the server level on all of our shared hosting servers. By the time you read this the process will likely already be complete, the hotfix will be applied across our shared server inventory, and your site will be safe from this vulnerability.
If you have a site on a dedicated server/VPS with us that has Control Suite and your site is DNN 5.2 to DNN 7.1.1, this patch will not protect you until your site is updated to DNN 7.1.2 or later. To protect your site, you may attempt to update the site yourself or initiate a Support ticket with our team to upgrade your site for you using our
Standard Upgrade service or
Staged Upgrade service. Upgrading your site will allow the patch to protect your site from this vulnerability as well as several other identified security issues.
If your site is a version of DNN earlier than DNN 5.2, we strongly suggest that you upgrade your site, although your site wouldn't be susceptible to this particular vulnerability.
Have a dedicated server or VPS plan with us that does not have Control Suite (such as a webfarm)?.
For fully-managed customers (clients who do not have access to their production server), we will be reaching out to you to coordinate the application of a fix.
For customers who have access to their server but lack Control Suite, the Security Patch provided by DNN can be installed using the same procedures as installing a module. If you need assistance from the Support team, please reach out and we will be happy to provide advice and answer questions along the way.
Any questions? We’re here for you
If you have any further questions about the DNN or this critical security update, feel free to open a ticket or
contact us through the normal means.
We will work with you to help protect you, your server, and your customers.
Works Cited / For Further Reading:
DNN / DotNetNuke / Evoq — Secure and Latest Versions. (
Managed.com)