From 7785bf230492f4774475d119bb54a022c8f6e2ce Mon Sep 17 00:00:00 2001 From: Dimo Dimov <961014+dimodi@users.noreply.github.com> Date: Thu, 13 Feb 2025 15:07:30 +0200 Subject: [PATCH 1/2] kb(dpl): Add KB for DPL vulnerability --- knowledge-base/dpl-security-vulnerability.md | 57 ++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 knowledge-base/dpl-security-vulnerability.md diff --git a/knowledge-base/dpl-security-vulnerability.md b/knowledge-base/dpl-security-vulnerability.md new file mode 100644 index 0000000000..0e50c85ad6 --- /dev/null +++ b/knowledge-base/dpl-security-vulnerability.md @@ -0,0 +1,57 @@ +--- +title: Address Telerik Document Processing Security Vulnerability +description: Learn more about a fixed security vulnerabiliti in Telerik Document Processing +type: troubleshooting +page_title: How to upgrade Telerik Document Processing to resove a security vulnerability +slug: dpl-kb-security-vulnerability +tags: blazor, dpl +ticketid: +res_type: kb +--- + +## Environment + + + + + + + + + + + + +
ProductTelerik Document Processing
VersionPrior to 2025.1.205
+ +## Description + +The [February 2025 release of Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) resolves a couple of vulnerabilities: + +* [CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629) +* [CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343) + +>tip Telerik UI for Blazor uses [Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/introduction) packages and APIs for its [Excel](slug:grid-export-excel), [CSV](slug:grid-export-csv) and [PDF](slug:grid-export-pdf) export features. **Telerik UI for Blazor is NOT affected by the mentioned resolved vulnerabilities.** This article exists only as a heads-up to customers who may be using Telerik Document Processing in their Telerik Blazor applications. + +This article describes potential next steps for developers working specifically with Telerik Document Processing. + +## Solution + +No action is required if: + +* Your application is not referencing Telerik Document Processing packages explicitly. +* Your application is not using `Telerik.Zip` APIs directly. +* Your application is not importing an `HTML` file and exporting it to `RTF` format. + +If your use case scenario is the opposite of the listed items above, then: + +* [Get familiar with the vulnerabilities, their impact, and resolutions](#description). +* Upgrade Telerik Document Processing to version **2025.1.205** or later. + +In addition, see [how to use different versions of Telerik UI for Blazor and Telerik Document Processing](slug:dpl-kb-version-conflict-detected-telerik-zip). 
+ +## See Also + +* [Release Notes for Telerik Document Processing version 2025.1.205 (2025 Q1)](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) +* [KB article for CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629) +* [KB article for CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343) From afe1d4a78dac5300d38c64e06d714f3d505413b0 Mon Sep 17 00:00:00 2001 From: Dimo Dimov <961014+dimodi@users.noreply.github.com> Date: Thu, 13 Feb 2025 15:12:37 +0200 Subject: [PATCH 2/2] Update knowledge-base/dpl-security-vulnerability.md --- knowledge-base/dpl-security-vulnerability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/knowledge-base/dpl-security-vulnerability.md b/knowledge-base/dpl-security-vulnerability.md index 0e50c85ad6..92a773864b 100644 --- a/knowledge-base/dpl-security-vulnerability.md +++ b/knowledge-base/dpl-security-vulnerability.md @@ -1,6 +1,6 @@ --- title: Address Telerik Document Processing Security Vulnerability -description: Learn more about a fixed security vulnerabiliti in Telerik Document Processing +description: Learn more about a fixed security vulnerability in Telerik Document Processing type: troubleshooting page_title: How to upgrade Telerik Document Processing to resove a security vulnerability slug: dpl-kb-security-vulnerability
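Review bot: In the Solution section of patch 1/2, the "No action is required if:" list does not say whether all three conditions must hold or whether any one of them is enough, and "If your use case scenario is the opposite of the listed items above" leaves the reader to work out the negation of a three-item list. Suggest stating the upgrade trigger positively: name the cases (explicit reference to Telerik Document Processing packages, direct use of `Telerik.Zip` APIs, importing `HTML` and exporting to `RTF`) and say whether they combine with "and" or "or". It would also help to map each case to the CVE it relates to, since the Description lists the two CVEs without saying which usage each one concerns. Separately, the front matter `title` and `description` speak of a single vulnerability while the Description lists two, and `ticketid:` is left empty.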
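Review bot: In patch 2/2, the `page_title` context line in the hunk still reads "resove a security vulnerability"; the change corrects only "vulnerabiliti" in `description`. Suggest fixing "resove" to "resolve" in the same commit so both front matter typos introduced in patch 1/2 are corrected together.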