Litium security update 2018-09-04

Affected versions

For version 6 apply patch or Litium version 6.2.1 - release notes

For version 5 apply patch or Litium version 5.6.4 - release notes

For version 4.8 apply patch or Litium Studio version 4.8.11 - release notes

For version 4.7 apply patch.

For version 4.5, 4.6 contact Litium Support.

Impact

An application may be able to execute arbitrary code.

Description

A security issue existed in a third party component and was addressed by applying a configuration update from the third party vendor.

Apply patch or version?

The patch only contains the necessary code to solve the security issue, while a version can contain other bug fixes or even features. Therefor, applying the patch usually requires a smaller effort.

Applying the version

If you decide to apply the version, follow these installation instructions for version 5 and 6, and these instructions for version 4.

Applying the patch to Litium Studio 4.7, Litium Studio 4.8, Litium 5 and Litium 6

Install Litium.Studio.UI.Patch Nuget package into your web-project. The package will add a new library named Litium.Studio.UI.Patch.dll. Ensure that the new library is included in deployment. The patch is distributed through NuGet. Read more on how to install the Litium NuGet-feed.

Install with NuGet Package Manager Console

Open the NuGet Package Manager Console.
Select the Web project as "Default project".
Run the following command:
```
Install-Package Litium.Studio.UI.Patch
```

Install the package from NuGet Package Manager

Open the NuGet Package Manager for the web-project.
Locate the Litium.Studio.UI.Patch package.
Click Install.

Applying the patch to Litium 4.6 and earlier

If you are running version 4.6 or prior, please contact Litium Support.