Replies: 1 comment 1 reply
-
Please be aware that security related concerns should be reported via the official security policy as outlined in this repository. I have updated the title of this issue to remove the reference to security issue at this time. I've also temporarily converted this over to a discussion as I'm not sure that we have a true issue here at this time, so a few notes/questions for you.
I would look at your web.config and look for an Assembly Binding Redirect for Newtonsoft.json and see if any third-party modules are noted as modifying that binding redirect. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is there an existing issue for this?
What happened?
Hello
I compared a fresh new install of DNN 9.13.04 with my production environment. (same version) I founf that Newtonsoft.Json.dll of my production environment has not been upgraded during years of upgrades (in production environment I have 13.0.1.25517 - that is considered unsecure - while in new install I have 13.0.3.27908.
In production environment I have also:
Perhaps future updates should force the Newtonsoft.Json.dll replacement and the removal of DotNetNuke Client Capability Provider v9.1.0.
Does anyone knows how to remove DotNetNuke Client Capability Provider v9.1.0 provider?
EDIT: A similar issue with Newtonsoft.Json.dll happened with another DNN installation. In this case the website (created on 2013) is v 13.0.2.27524. I checked the DNN_Platform_9.13.4_Upgrade.zip file and this file is missing... Is it a wanted behavior?
Thanks
Steps to reproduce?
Upgrading DNN from older versions
Current Behavior
No response
Expected Behavior
No response
Relevant log output
No response
Anything else?
No response
Affected Versions
9.13.4 (alpha)
What browsers are you seeing the problem on?
No response
Code of Conduct
Beta Was this translation helpful? Give feedback.
All reactions