Telligent sent out an e-mail last Friday afternoon about a critical security patch. These were the patch instructions:
Directions for installing the patch:
- Download the .zip file here:
- Community Server 1.1: http://communityserver.org/files/folders/archived_cs_releases/entry532297.aspx
- Community Server 2.0, ASP.NET 1.1: http://communityserver.org/files/folders/releases/entry532260.aspx
- Community Server 2.0, ASP.NET 2.0: http://communityserver.org/files/folders/releases/entry532293.aspx
- Unzip the file(s) and extract them to a location on your computer
- Follow the directions in the readme for installing the patch on your Community Server 2.0 server(s)
These are the contents of the readme.txt file:
Steps for installing the Community Server 2.0 SP1 Patch.
1. Make a copy of the CommunityServer.Components.dll found in the bin folder of your web site.
2. Replace the existing CommunityServer.Components.dll with the new one you just downloaded and unzipped.If you have questions or problems, please email support@telligent.com
We have also included the updated source files. If you have modified any of the code in the Community Server Components project you will need to apply these fixes and redeploy your assemblies.
I wish the readme file had said exactly where the updated source files go. I don’t like the idea of having to hunt around files to replace when the patch has to do with security. So here’s what the readme file should include:
ComponentsHttpModuleCSHttpModule.cs
ComponentsComponentsHtmlScrubber.cs
ComponentsComponentsTransforms.cs
Telligent has an announcements blog with a post about this security patch.