Telerik UI For JSP R2 2017 (v2017.2.621) Retail
Henri Amazona
i am upgrade my project with latest version v2017.2.621 and i am geeting the kendo.sync function error "kendo is not defined". so please suggest me what to do...all files pointed to latest verion also. jquery version 2.1.4 used.
Until R2 2017 SP1 (v2017.2.621), RadAsyncUpload's AsyncUploadHandler was configured with a hard-coded key that was used to encrypt form data in file upload requests. If this encryption key was not changed from its default value of PrivateKeyForEncryptionOfRadAsyncUploadConfiguration, an attacker could use that key to craft a file upload request to /Telerik.Web.Ui.WebResource.axd?type=rau with a custom encrypted rauPostData POST parameter. If an attacker specified an arbitrary value for the TempTargetFolder variable within the encrypted rauPostData POST parameter, it would effectively allow file uploads to any directory where the web server had write permissions. Please refer to @straightblast's write-up for a detailed breakdown of rauPostData's structure (and of this vulnerability in general), and Telerik's security advisory for how this vulnerability was remediated.