A new release of mojoPortal has been made available. This is a compatibility update for the changes in ASP.NET that resulted from the security patch recently released by Microsoft and now available from Windows Update.
Before the security update, there was a possibility for a System.Security.Cryptography.CryptographicException when decrypting the role cookie if the machine key had changed and the user was already authenticated. We already had error handling for this error, but after the security update the behavior changed and it would throw a more generic HttpException there which we were not handling, and this would cause users who were previously authenticated to experience an error until they cleared the cookie.
Even without a machine key change, the same error could happen if a user was authenticated before the windows update was applied, the error could happen for that user after the update was applied (because there were also changes to how cookies are encrypted in the security update) In this release we have added handling for the new more generic exception so the cookie will be reset if this error occurs and the user will not experience an error on your site.
New features include:
- upgrade to CKeditor 3.4.1
- upgrade to TinyMCE 220.127.116.11
- updated Italian resource files thanks to Diego Mora
- fixed a bug where menu items that were configured as unclickable were still clickable in the breadcrumbs
Check it out: mojoPortal