diff --git a/knowledge-base/dpl-security-vulnerability.md b/knowledge-base/dpl-security-vulnerability.md new file mode 100644 index 0000000000..92a773864b --- /dev/null +++ b/knowledge-base/dpl-security-vulnerability.md @@ -0,0 +1,57 @@ +--- +title: Address Telerik Document Processing Security Vulnerability +description: Learn more about a fixed security vulnerability in Telerik Document Processing +type: troubleshooting +page_title: How to upgrade Telerik Document Processing to resove a security vulnerability +slug: dpl-kb-security-vulnerability +tags: blazor, dpl +ticketid: +res_type: kb +--- + +## Environment + + + + + + + + + + + + +
ProductTelerik Document Processing
VersionPrior to 2025.1.205
+ +## Description + +The [February 2025 release of Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) resolves a couple of vulnerabilities: + +* [CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629) +* [CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343) + +>tip Telerik UI for Blazor uses [Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/introduction) packages and APIs for its [Excel](slug:grid-export-excel), [CSV](slug:grid-export-csv) and [PDF](slug:grid-export-pdf) export features. **Telerik UI for Blazor is NOT affected by the mentioned resolved vulnerabilities.** This article exists only as a heads-up to customers who may be using Telerik Document Processing in their Telerik Blazor applications. + +This article describes potential next steps for developers working specifically with Telerik Document Processing. + +## Solution + +No action is required if: + +* Your application is not referencing Telerik Document Processing packages explicitly. +* Your application is not using `Telerik.Zip` APIs directly. +* Your application is not importing an `HTML` file and exporting it to `RTF` format. + +If your use case scenario is the opposite of the listed items above, then: + +* [Get familiar with the vulnerabilities, their impact, and resolutions](#description). +* Upgrade Telerik Document Processing to version **2025.1.205** or later. + +In addition, see [how to use different versions of Telerik UI for Blazor and Telerik Document Processing](slug:dpl-kb-version-conflict-detected-telerik-zip). 
+ +## See Also + +* [Release Notes for Telerik Document Processing version 2025.1.205 (2025 Q1)](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) +* [KB article for CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629) +* [KB article for CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343)
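Review bot: the "No action is required if:" list under "## Solution" does not say whether one bullet is enough or all three must hold, and the follow-up "If your use case scenario is the opposite of the listed items above" is just as ambiguous. As written, a reader whose application does not call `Telerik.Zip` directly but does import `HTML` and export to `RTF` could match the second bullet and conclude no upgrade is needed. Suggest "No action is required if all of the following are true:" and "If any of the above does not apply to your application, then:" so the upgrade to 2025.1.205 is clearly triggered by either affected usage. Two smaller points in the front matter: `page_title` has a typo ("resove" should be "resolve"), and `title`, `description` and `page_title` all say "a security vulnerability" in the singular while the Description lists two CVEs (CVE-2024-11629 and CVE-2024-11343); the plural would match. `ticketid:` is also left empty; drop it or fill it in if the KB template requires a value.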