How to apply patches in Sitefinity 12.2 version

Posted by Shafqat.Soomro@lbusa.com on 01-Apr-2020 02:44

Hello,

How do I apply the patches below in Sitefinity version 12.2?

Article Number 000102332
Environment Product: Sitefinity
Version: 7.x, 8.x, 9.x, 10.x, 11.x, 12.x
OS: All supported OS versions
Database: All supported Microsoft SQL Server version
Question/Problem Description
A set of potential security vulnerabilities have been identified in Progress Sitefinity. Below you will find a list of bugfix rollup patches per version, which contain fixes for these vulnerabilities. If you have any questions in this regard, please contact Progress Technical Support.     
 

Directory Traversal (Workflow) vulnerability 

  • Affected Supported Versions: 7.0 - 12.2 

  • Severity: Critical 

Directory Traversal (File upload) vulnerability 

  • Affected Supported Versions: 7.0 - 10.1 

  • Severity: Critical 

XSS vulnerabilities in the Backend Administration 

  • Affected Supported Versions: 7.0 - 12.2 

  • Severity: Medium  

  • Only Users with Backend privileges can exploit this vulnerability 

  • Version 11.0 and up introduce the WebSecurity Module, which has a CSP header protection against XSS attacks. When the module is active, this attack vector is mitigated. 

Sitefinity Documentation, WebSecurity Module 

All Replies

Posted by jread on 01-Apr-2020 21:28

1. Capture the exact build number of the Hotfix or Patch you need to install.

2. Add the Sitefinity NuGet server to the NuGet package sources in Visual Studio, referring to the information in this documentation article: Sitefinity documentation, Sitefinity CMS NuGet packages repository www.progress.com/.../sitefinity-cms-nuget-packages-repository

Note: refer to the "How to use Sitefinity NuGet Packages" section of the Sitefinity NuGet package repository nuget.sitefinity.com/ in order to be able to get NuGets from Sitefinity NuGet server.

3. Install the Telerik.Sitefinity.All NuGet package with the required version from the Sitefinity NuGet packages repository. An example NuGet package install command for a specific version is below:

Install-Package Telerik.Sitefinity.All -Version 12.2.7230

4. Build the project.

5. Run the project.

Taken from: knowledgebase.progress.com/.../How-to-update-Sitefinity-to-hotfix-internal-build-or-a-patch

Posted by gauntt@upenn.edu on 07-Apr-2020 13:11

I just did that and about half of my Sitefinity references were updated to 12.2.7230 and the other half are still 12.2.7222 and the whole thing won't build anymore. And all of the stupid things that completely break the app that I already figured out fixes for have been overwritten and undone. Sigh. I'm getting really tired of spending days managing Sitefinity upgrades...

Posted by jovchev on 07-Apr-2020 13:33

Hi,

You can use the PowerShell console to check the updated references.

We have found that the best way is to maintain a small PowerShell file that does the following steps:

1. Uninstall the NuGet packages from each project in your solution; the key is to use -Force -RemoveDependencies.

2. Install the NuGet packages with the new version in the solution.

You can use variables and then pass them in step 2:

# Placeholder versions: replace with the builds you are installing
$sfVersion = 'XX.XX.XX'
$openAccessVersion = 'XXXX.X.XXX.X'
$telerikWebUI = 'XXX.X.XXX.XX'
$entityFramework = 'X.X.X'
$newtonSoftJson = 'XX.X.X'

# Install the packages into the Utils project at the chosen versions
Get-Project Utils | Install-Package Telerik.Sitefinity.Content -Version $sfVersion
Get-Project Utils | Install-Package Telerik.Sitefinity.Core -Version $sfVersion
Get-Project Utils | Install-Package Telerik.DataAccess.Core -Version $openAccessVersion
Get-Project Utils | Install-Package Telerik.Sitefinity.Mvc -Version $sfVersion

 

If you need assistance or training on how to make your major or minor version upgrades, or patch (internal build) installations, feel free to contact me.

 

This thread is closed
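
As an added example (not part of any post in this thread, and not Progress code): a PowerShell check for the half-updated state described above, where some references sit at 12.2.7230 and others at 12.2.7222. It lists every Telerik.Sitefinity* entry in packages.config and every .csproj HintPath that is not at the expected build. The function name, the constructed sample solution, and the assumption that all Telerik.Sitefinity* packages share one build number are illustrative.

```powershell
# Added example, not code from the thread. Assumptions: projects use packages.config,
# and every Telerik.Sitefinity* package should be at the patched build.
# Get-SitefinityVersionDrift is a hypothetical helper name.
function Get-SitefinityVersionDrift {
    param(
        [Parameter(Mandatory)] [string] $SolutionRoot,
        [Parameter(Mandatory)] [string] $ExpectedVersion
    )
    # 1. Package entries that NuGet left at another build.
    Get-ChildItem -Path $SolutionRoot -Recurse -Filter packages.config -File | ForEach-Object {
        $file = $_.FullName
        [xml]$doc = Get-Content -LiteralPath $file -Raw
        foreach ($pkg in $doc.packages.package) {
            if ($pkg.id -like 'Telerik.Sitefinity*' -and $pkg.version -ne $ExpectedVersion) {
                [pscustomobject]@{ File = $file; Package = $pkg.id; Found = $pkg.version }
            }
        }
    }
    # 2. Assembly references whose HintPath still points at an old package folder.
    $hint = 'packages\\(?<id>Telerik\.Sitefinity(?:\.[A-Za-z]\w*)*)\.(?<ver>\d+(?:\.\d+)+)\\'
    Get-ChildItem -Path $SolutionRoot -Recurse -Filter *.csproj -File |
        Select-String -Pattern $hint -AllMatches | ForEach-Object {
            foreach ($m in $_.Matches) {
                if ($m.Groups['ver'].Value -ne $ExpectedVersion) {
                    [pscustomobject]@{ File = $_.Path; Package = $m.Groups['id'].Value
                                       Found = $m.Groups['ver'].Value }
                }
            }
        }
}

# Constructed sample solution: the Web project is patched, Utils was left behind.
$root = Join-Path ([IO.Path]::GetTempPath()) ('sf-drift-' + [guid]::NewGuid())
foreach ($p in @{ Web = '12.2.7230'; Utils = '12.2.7222' }.GetEnumerator()) {
    $dir = (New-Item -ItemType Directory -Path (Join-Path $root $p.Key) -Force).FullName
    Set-Content (Join-Path $dir 'packages.config') `
        "<packages><package id=`"Telerik.Sitefinity.Core`" version=`"$($p.Value)`" /></packages>"
    Set-Content (Join-Path $dir "$($p.Key).csproj") `
        "<HintPath>..\packages\Telerik.Sitefinity.Core.$($p.Value)\lib\Telerik.Sitefinity.dll</HintPath>"
}
# Reports two rows, both for the Utils project (packages.config and .csproj).
Get-SitefinityVersionDrift -SolutionRoot $root -ExpectedVersion '12.2.7230' | Format-Table -AutoSize
Remove-Item $root -Recurse -Force
```

An empty result after the Install-Package step means no Sitefinity reference in the scanned files was left on a pre-patch build.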