Sitecore Identity Server 5.0 Security Patch for Sitecore Version 10.0.x

Vincent Lui
Jul 19, 2021

Just a quick one on the Sitecore Security Bulletin SC2021-001-475944, which affects many versions of Sitecore. The version I am currently using is Sitecore v10.0 Initial Release. Sitecore versions 10 Update 2 (10.0.2) and 10.1 Update 1 (10.1.1) have the critical vulnerability already patched. Instead of “upgrading” to that version, as the site I am working on is already in production, I have been left with only the option of patching it.

The instructions for Identity Server can be confusing. The knowledge base article states that the System.Text.Encodings.Web assembly needs to be replaced within the “refs\” folder, which is incorrect.

A comparison with the Identity Server for 10.0.2 shows that only the DLL in the root folder should be replaced, and that no Web.config assembly redirection is required.
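One way to confirm the patch landed where the comparison above says it should, as an added example (not part of the original post and not Sitecore tooling). Both parameters are assumptions: the Identity Server install folder and the System.Text.Encodings.Web.dll extracted from the patch package.

```powershell
# Added example. -IdentityServerRoot and -PatchedDll are supplied by the operator;
# no paths or version numbers from Sitecore are assumed here.
param(
    [Parameter(Mandatory)] [string]$IdentityServerRoot,
    [Parameter(Mandatory)] [string]$PatchedDll
)

$name = 'System.Text.Encodings.Web.dll'

function Get-DllInfo([string]$Path) {
    # Returns $null for a missing file so the caller can report it.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path        = $item.FullName
        FileVersion = $item.VersionInfo.FileVersion
        Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$patch = Get-DllInfo $PatchedDll
if (-not $patch) { throw "Patched DLL not found: $PatchedDll" }

$root = Get-DllInfo (Join-Path $IdentityServerRoot $name)
$refs = Get-DllInfo (Join-Path $IdentityServerRoot (Join-Path 'refs' $name))
if (-not $root) { throw "No $name in the root of $IdentityServerRoot" }

# Look for any mention of the assembly in Web.config (e.g. a binding redirect).
$config = Join-Path $IdentityServerRoot 'Web.config'
$configMentions = (Test-Path -LiteralPath $config) -and
    (Select-String -LiteralPath $config -Pattern $name.Replace('.dll', '') -SimpleMatch -Quiet)

[pscustomobject]@{
    RootFileVersion   = $root.FileVersion
    RootMatchesPatch  = $root.Sha256 -eq $patch.Sha256
    RefsCopyPresent   = [bool]$refs
    RefsMatchesPatch  = [bool]$refs -and ($refs.Sha256 -eq $patch.Sha256)
    WebConfigMentions = [bool]$configMentions
} | Format-List

if ($root.Sha256 -ne $patch.Sha256) {
    Write-Warning "Root copy of $name does not match the patch DLL."
}
```

`RootMatchesPatch` should be `True`; `RefsMatchesPatch` being `True` means the `refs\` copy was overwritten as the knowledge base article describes, which the comparison with 10.0.2 does not call for.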

Hopefully this information can help someone.


Vincent Lui

Sitecore Technology MVP 2020–2023 | Solution Architect on Sitecore, Akamai, Microsoft Azure | Passionate on DevSecOps Lifecycle @ CPA Australia