Skip to main content

Checkup Documentation

Security Hotfix might be needed

security-hotfix-needed

severity-high

Summary

Kentico Xperience security hotfixes are a little different than your standard Kentico hotfixes. Security hotfixes keep your site safe from any known security vulnerability. Kentico will only release a security hotfix when a vulnerability or new attack vector is discovered in the C#, .Net, or JavaScript code of Kentico.

Part of that equation is knowing when a security hotfix is available for your Kentico site. Constant Care for Kentico will watch all Kentico Xperience security hotfix releases and notify you if you site is missing any. Constant Care for Kentico covers not having to manually check for new hotfixes that could expose your site to attacks. 

The Toolkit for Kentico teams recommends always staying current with all security hotfixes. You shouldn't miss any of them, and you should apply the security hotfixes when they are released.  Applying every hotfix is not always possible in the real world though. There are times when the security hotfix is for a feature that you do not use on your site. The tool also allows you to configure how many missing security hotfixes that your site has. This allows for some tolerance, but keeps you safe from getting to far behind.


Check Logic

Constant Care for Kentico will ensure the number of security hotfix you are missing is no more than 0 (default)

You can manage your settings for this checkup in the Constant Care for Kentico admin settings.


Verifying The Check

To check your Kentico version (including hotfix number), log into the administration site. Then click the question mark at the top right of the screen. This wiil show the current version of Kentico.

To review the list of Kentico hotfixes. Go to Kentico's Hotfix page:

https://devnet.kentico.com/download/hotfixes

 

Changes to your site should only be made by an experienced Kentico Xperience developer. If you need assistance in making these changes please reach out to the Toolkit For Kentico team to be connected with a Kentico Xperience partner.