Skip to content

Merge dpl-kb-2763 into production #2766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Feb 13, 2025
Merged

Merge dpl-kb-2763 into production #2766

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7785bf2
kb(dpl): Add KB for DPL vulnerability
dimodi Feb 13, 2025
afe1d4a
Update knowledge-base/dpl-security-vulnerability.md
dimodi Feb 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 57 additions & 0 deletions knowledge-base/dpl-security-vulnerability.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
---
title: Address Telerik Document Processing Security Vulnerability
description: Learn more about a fixed security vulnerability in Telerik Document Processing
type: troubleshooting
page_title: How to upgrade Telerik Document Processing to resove a security vulnerability
slug: dpl-kb-security-vulnerability
tags: blazor, dpl
ticketid:
res_type: kb
---

## Environment

<table>
<tbody>
<tr>
<td>Product</td>
<td>Telerik Document Processing</td>
</tr>
<tr>
<td>Version</td>
<td>Prior to 2025.1.205</td>
</tr>
</tbody>
</table>

## Description

The [February 2025 release of Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) resolves a couple of vulnerabilities:

* [CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629)
* [CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343)

>tip Telerik UI for Blazor uses [Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/introduction) packages and APIs for its [Excel](slug:grid-export-excel), [CSV](slug:grid-export-csv) and [PDF](slug:grid-export-pdf) export features. **Telerik UI for Blazor is NOT affected by the mentioned resolved vulnerabilities.** This article exists only as a heads-up to customers who may be using Telerik Document Processing in their Telerik Blazor applications.

This article describes potential next steps for developers working specifically with Telerik Document Processing.

## Solution

No action is required if:

* Your application is not referencing Telerik Document Processing packages explicitly.
* Your application is not using `Telerik.Zip` APIs directly.
* Your application is not importing an `HTML` file and exporting it to `RTF` format.

If your use case scenario is the opposite of the listed items above, then:

* [Get familiar with the vulnerabilities, their impact, and resolutions](#description).
* Upgrade Telerik Document Processing to version **2025.1.205** or later.

In addition, see [how to use different versions of Telerik UI for Blazor and Telerik Document Processing](slug:dpl-kb-version-conflict-detected-telerik-zip).

## See Also

* [Release Notes for Telerik Document Processing version 2025.1.205 (2025 Q1)](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205)
* [KB article for CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629)
* [KB article for CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343)