views:

793

answers:

3

Anyone familiar with specific security issues in the current version of DotNetNuke?
(I've already checked out their site, securityfocus, etc...)

I've reopened the question, since my client developed their system using DotNetNuke - hence it is a programming question. I just need to know some issues regarding this platform.

+6  A: 

DNN Vulnerability information will be at: http://www.dotnetnuke.com/News/SecurityPolicy/tabid/940/Default.aspx

Chris Lively
Thanks, this was a great help! Not just the vulnerabilities, but especially the security guides and such. Exactly what I was looking for.
AviD
+1  A: 

I'm not aware of any security issues that have been announced with the current version of DotNetNuke (4.9.0). The security policy of DotNetNuke is to address any known security issues as soon as they are discovered. They won't release a version with a known security issue.

bdukes
Thanks, this is good to know.
AviD
A: 

I just want to add to this, that DotNetNuke corporation, right or wrong, asks that people not publicly discuss exploit details if known, as it exposes the wide community to greater risk.

Typically the rule of thumb with DNN is to upgrade to the most current version, and keep an eye on the security items posted on the site, also, keeping an eye on Cathal's blog is a good idea as he is the head security person.

Mitchel Sellers