The removal of Telerik from a DNN website is a crucial step in ensuring the site's security. Telerik is known to contain a vulnerability that poses a risk to the integrity of the site. Recent incidents have demonstrated that hackers can exploit this vulnerability to gain unauthorized access to DNN websites.
To mitigate this risk, it is necessary to remove Telerik controls from the website. By doing so, the vulnerability is eliminated, and the site is protected against potential attacks that could compromise its security. Therefore, it is imperative to take a proactive approach to website security and remove Telerik controls to safeguard the website and its users' data.
About DotNetNuke and Teletik
When DNN version 5 was the latest technology, DNN and Telerik entered into an agreement where Telerik would be packaged with DNN. This agreement allowed developers and administrators to use Telerik to edit and create website elements, such as modules. However, a license from Telerik was required to use these features.
By the time DNN 7 was launched in 2015, Telerik became free to use and was bundled in with DNN. As a result, many module developers took advantage of the Telerik integration and built modules like blogs and events that had dependencies on Telerik. In other words, these modules were designed to work only with Telerik and wouldn't function without it.
This integration with Telerik brought many benefits to DNN users and developers. They could utilize a powerful component that provided features like rich text editing, file management, and more where developers could take advantage of Telerik controls with default styles and templates without much code and it was globally supported by DNN so many third-party modules had these controls. However, it also created dependencies on Telerik that could potentially cause issues down the line. For example, if Telerik had a security vulnerability, it could put the entire website at risk. Additionally, if a module developer built a module with dependencies on Telerik and then decided to remove Telerik from their DNN installation, the module would no longer work.
Overall, while the integration with Telerik provided many benefits, it also created dependencies that could cause potential issues. It's essential for DNN users to weigh the benefits and risks of using Telerik and consider whether removing it from their installation would be beneficial for their website's security, performance, and overall functionality.
After a few years, a vulnerability in Telerik was discovered, which exposed DNN websites to a certain level of risk. DNN then requested Telerik to update the DNN editor that it had created years ago. However, it turned out that Telerik could not do so because the original source files had been lost. As a result, DNN Corp made the decision to terminate its relationship with Telerik and develop a new version of DNN that did not require Telerik to operate. This led to the birth of DNN 9.8.
Why you should remove Telerik controls from DNN?
The decision to remove Telerik controls from DNN was made due to a vulnerability discovered in the Telerik framework. This vulnerability exposed DNN websites to potential security risks, making it imperative for DNN Corp. to take measures to protect its users.
When DNN asked Telerik to update the DNN editor to close the vulnerability, Telerik could not do so because the original source files had been lost. This made it impossible to fix the vulnerability in the existing DNN editor.
Faced with this situation, DNN Corp decided to end its cooperation with Telerik and develop a new version of DNN that did not depend on Telerik controls. By removing the Telerik controls from DNN, the company was able to eliminate the security risks associated with the vulnerability and ensure the security of its users' websites.
Better Use or Develop Modules independent from Telerik
Despite the fact that the latest versions of DNN no longer require Telerik, many modules still rely on it. This means that if a website built using DNN 8 has a blog, events section, image gallery, and slider, and is upgraded to DNN 9.8, Telerik will still be present and necessary.
Although the upgrade to DNN 9.8 makes it possible to remove Telerik, doing so will cause the modules that depend on it to stop working. Therefore, it is essential to identify and replace all Telerik-dependent modules with alternatives that are compatible with DNN 9.8 before removing Telerik. Failure to do so may result in loss of functionality and negatively impact the user experience of the website.
How to remove Telerik from DNN
The latest version of DNN offers automatic removal of Telerik from the DNN instance,
- Click on the Telerik Removal link from the “Manage” section of the DNN persona bar
- The page will ask for confirmation before proceeding
- Once Telerik was removed, it will show the below message
Telerik controls can be removed manually technical steps are explained.
DNN Platform Telerik Removal: https://docs.dnncommunity.org/content/getting-started/setup/telerik-removal/index.html
Dnn Telerik Identifier: https://github.com/IowaComputerGurus/DnnTelerikIdentifier/tree/V1.0.0?fbclid=IwAR0DZFJ-71LRc5pUGgRSXzSk8KDuYJwCHTAKWyldvCdhOXQOdGDQpX60xzg
How to migrate modules after removing Telerik from DNN
Ensuring the security of your DNN website is of utmost importance, and the key step in achieving this is removing Telerik. This can only be done through the following process:
- Upgrade to DNN 9.8 or a higher version. Note that this upgrade alone will not automatically remove Telerik; Telerik will still be present
- Identify which modules are dependent on Telerik
- Identify alternative modules that can replace the Telerik-dependent modules
- Transfer data from the existing modules to the new ones
- Remove Telerik-dependent modules, recent version has a feature to find or remove the Telerik
- Eliminate all traces of Telerik from DNN
Please note that the above steps may be a complex and time-consuming process. It may be beneficial to seek professional assistance to ensure that the transition is seamless and all security risks are eliminated.
The new version of DNN (Without Telerik)
Unfortunately, it is true that to transform a website created in an earlier version of DNN, which includes Telerik and its associated vulnerability, into a modern DNN website with all remnants of Telerik removed, certain modules will need to be replaced. In theory, this process may involve a simple data export from the existing module followed by data import to the new module. However, in reality, the process is rarely straightforward.
At a minimum, data mapping is required, and often additional work is necessary to ensure that the modules function precisely as they did previously and interact seamlessly with each other, without the presence of Telerik. This can be a complex task that requires professional expertise to ensure that the website functions as intended and is secure.
The process of removing Telerik typically involves a series of manual steps, including identifying which modules depend on Telerik, identifying suitable replacement modules, transferring data from the existing modules to the new ones, removing Telerik-dependent modules, and eliminating all traces of Telerik from the website.
Undertaking the steps mentioned above is not a straightforward task, and it is likely that you have other responsibilities and a full-time role to attend to. In fact, your job description probably did not include tasks such as DNN version upgrades, Telerik removal, and module replacement.
If you require assistance in ensuring that your DNN website is fully secure, with all traces of Telerik removed, please do not hesitate to contact us. We specialize in providing solutions for website security and can assist you in making sure that your website is free from vulnerabilities and potential security risks.