Sitecore Identity Server 5.0 Security Patch for Sitecore Version 10.0.x

Just a quick one on the Sitecore Security Bulletin SC2021-001-475944, which affects many versions of Sitecore. The version I am currently using is Sitecore v10.0 Initial Release. Sitecore versions 10 Update 2 (10.0.2) and 10.1 Update 1 (10.1.1) have the critical vulnerability already patched. Instead of “upgrading” to that version, as the site I am working on is already in production, I have been left with the option of only patching it.

The instructions for Identity Server can be confusing. The knowledge base article states that the System.Text.Encodings.Web assembly needs to be replaced within the “refs\” folder, which is incorrect.

A comparison with the Identity Server for 10.0.2 shows that only the DLL in the root folder should be replaced, and that no Web.config assembly redirection is required.
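One way to check the result described above after patching, as an added example that is not part of the original post or of Sitecore's knowledge base article: the script lists every copy of the assembly under the Identity Server folder and reports which ones are byte-identical to the DLL from the patch package. Both parameters are placeholders you supply; no install path or version number is assumed.

```powershell
# Added example: verify where System.Text.Encodings.Web.dll was replaced.
# -IdentityServerRoot : folder of the Identity Server instance (placeholder, supply your own)
# -PatchedDll         : the DLL extracted from the security patch package (placeholder)
param(
    [Parameter(Mandatory)] [string] $IdentityServerRoot,
    [Parameter(Mandatory)] [string] $PatchedDll
)

$name        = 'System.Text.Encodings.Web.dll'
$patchedHash = (Get-FileHash -LiteralPath $PatchedDll -Algorithm SHA256).Hash

function Get-DllInfo([string] $Path) {
    # Metadata-only reads, so this also works for reference assemblies under refs\
    [pscustomobject]@{
        Path            = $Path
        AssemblyVersion = [System.Reflection.AssemblyName]::GetAssemblyName($Path).Version
        FileVersion     = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path).FileVersion
        MatchesPatch    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash -eq $patchedHash
    }
}

$rootDll = Join-Path $IdentityServerRoot $name
if (-not (Test-Path -LiteralPath $rootDll)) {
    throw "No $name found directly in $IdentityServerRoot"
}

# The copy in the root folder is the one that should carry the patch.
$rootInfo = Get-DllInfo $rootDll

# Every other copy (refs\ and any other subfolder) should be left as shipped.
$otherInfo = Get-ChildItem -LiteralPath $IdentityServerRoot -Directory |
    Get-ChildItem -Filter $name -Recurse -File |
    ForEach-Object { Get-DllInfo $_.FullName }

@($rootInfo) + @($otherInfo) | Format-Table -AutoSize -Wrap

if (-not $rootInfo.MatchesPatch) {
    Write-Warning "Root copy is NOT the patched DLL: $($rootInfo.Path)"
}
foreach ($copy in $otherInfo | Where-Object MatchesPatch) {
    Write-Warning "Copy outside the root folder was overwritten with the patched DLL: $($copy.Path)"
}
if ($rootInfo.MatchesPatch -and -not ($otherInfo | Where-Object MatchesPatch)) {
    Write-Output 'OK: only the root copy matches the patched DLL.'
}
```

Running the same script against an untouched 10.0.2 Identity Server folder gives a baseline to compare the version columns with.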

Hopefully this information can help someone.

Vincent Lui

Sitecore Technology MVP 2020–2021 | Solution Architect on Sitecore, Akamai, Microsoft Azure | Passionate on DevSecOps Lifecycle @ CPA Australia