Anyone familiar with specific security issues in the current version of DotNetNuke?
(I've already checked out their site, securityfocus, etc...)
I've reopened the question, since my client developed their system using DotNetNuke - hence it is a programming question. I just need to know some issues regarding this platform.
DNN Vulnerability information will be at: http://www.dotnetnuke.com/News/SecurityPolicy/tabid/940/Default.aspx
I'm not aware of any security issues that have been announced with the current version of DotNetNuke (4.9.0). The security policy of DotNetNuke is to address any known security issues as soon as they are discovered. They won't release a version with a known security issue.
I just want to add to this, that DotNetNuke corporation, right or wrong, asks that people not publicly discuss exploit details if known, as it exposes the wide community to greater risk.
Typically the rule of thumb with DNN is to upgrade to the most current version, and keep an eye on the security items posted on the site, also, keeping an eye on Cathal's blog is a good idea as he is the head security person.