14 December 2010

Windows Update for ASP.NET Vulnerability 2416728: Sitecore implications *Update*

As you could have been reading in my previous post, Sitecore’s major productSitecore .NET Web Content Management System is affected by the ASP.NET Vulnerability 2416728. Today, Microsoft has released an update to all the Windows Update Services(WSUS and WU). You can find all the details in Scott Guthrie’s post.

What could potentially happen to your Sitecore installation when applying this patch?

  1. A couple of users get logged out. That’s only really notable for the user who use the check box ‘Remember me’. Just login again. That’s the deal. According to my checks on 6.2, this does not happen.
  2. Potentially you could get an exception for people who have a open session while updating Sitecore. According to my checks, this doesn’t happen.

So it seems that you can install this patch without any unexpected side effect. I’ve checked it on my machines and tested it there(so this is an unofficial Sitecore statement). If we come across issue, we will let you know. If you come across issues, please let our support team know.

Update: Sometimes an ‘HttpException: Unable to validate data’ happens when people are already authenticated. I couldn’t reproduce this. But it seems to be there. In that case, please review this solution on SDN.

No comments:

Post a Comment