  • jake williamson 207 posts 872 karma points
    Mar 01, 2021 @ 02:13

    Upgrading v8.8.0 through v8.11.1 is broken by HtmlSanitizer dependency?!

    Hey out there,

    I've been upgrading a few v8 sites today and hit a fairly major issue:

    update-Package : Unable to find a version of 'HtmlSanitizer' that is compatible with 'UmbracoCms.Web 8.11.1 constraint: HtmlSanitizer (>= 4.0.217 && < 4.999999.0)'.
    

    Seems version 4.x of the HtmlSanitizer package has been removed from NuGet and only version 5.x is available...

    The v8.12.0-rc version of Umbraco is available and has the dependency on v5 of HtmlSanitizer, but I'm really not keen on upgrading production-based sites to a release candidate version...

    Has anyone else hit this?! The only info I can find is this bug report on GitHub:

    https://github.com/umbraco/Umbraco-CMS/issues/9615

    The suggested workaround is to put a version 4.x of HtmlSanitizer on a local NuGet feed - but if we can't get a NuGet package of v4 as it's been removed, this is kinda impossible!

    It also means we'd be releasing Umbraco to production servers with a known security issue in them... which seems risky as all hell...

    Anyone else hit this?!?!

    Cheers,

    Jake

  • jake williamson 207 posts 872 karma points
    Mar 01, 2021 @ 04:26

    OK, hacking around and I think I've got the full workaround...

    I found that the last released 4.x version of HtmlSanitizer was v4.0.217 (based on https://github.com/mganss/HtmlSanitizer/tags?after=v4.0.230)

    Although it doesn't appear on https://www.nuget.org/packages/HtmlSanitizer/ it is still available on this link:

    http://nuget.org/api/v2/package/HtmlSanitizer/4.0.217

    So I downloaded that, stuck it in a directory and then installed it via the package manager:

    Install-Package HtmlSanitizer -source C:\Temp\packages

    (I guess you could set up C:\Temp\packages as a package source in the settings but I figured try this first...)

    Now I can do update-Package UmbracoCms -Version 8.8.0 and, as the package is already installed, the dependency is resolved and away the upgrade goes.

    So I've worked through the rest of the installs and my final step was to upgrade HtmlSanitizer to version 5 so the security vulnerability discovered in 4.x doesn't affect any production-based site.

    Lucky I told my project manager upgrading the sites may take a while!
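Because the workaround above feeds a .nupkg pulled from an unlisted nuget.org URL into a local package source, here is an added example (not from the post, and not code from the Umbraco or HtmlSanitizer projects) of the check worth running on such a file before Install-Package -source ever sees it: open the package, read the .nuspec, confirm the id and version really satisfy the UmbracoCms.Web constraint quoted in the error message, and compare the file's SHA512 against a hash pinned when the file was first vetted. The sample package is constructed in memory so the script runs offline; the pinned hash is whatever you recorded yourself, not a value taken from this thread.

```python
"""Vet a downloaded .nupkg before adding it to a local NuGet source.

Added example. The sample package built by make_sample_nupkg() is
constructed for demonstration and is not the real HtmlSanitizer package.
"""
import base64
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

# Constraint from the Update-Package error in the thread:
# HtmlSanitizer (>= 4.0.217 && < 4.999999.0)
LOWER = "4.0.217"
UPPER_EXCL = "4.999999.0"


def parse_version(text):
    """Turn a NuGet version string into a comparable 4-tuple.
    A prerelease tag such as '-rc' is dropped; enough for this range check."""
    core = text.split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("bad NuGet version: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))


def in_range(version, lower=LOWER, upper_excl=UPPER_EXCL):
    """True if version satisfies [lower, upper_excl)."""
    return parse_version(lower) <= parse_version(version) < parse_version(upper_excl)


def read_nuspec(nupkg_bytes):
    """Return (id, version) from the single .nuspec at the root of the package zip."""
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as z:
        names = [n for n in z.namelist() if n.lower().endswith(".nuspec") and "/" not in n]
        if len(names) != 1:
            raise ValueError("expected exactly one root .nuspec, found %r" % names)
        root = ET.fromstring(z.read(names[0]))
    meta = {}
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1]  # strip the nuspec XML namespace
        if local in ("id", "version"):
            meta[local] = (el.text or "").strip()
    if "id" not in meta or "version" not in meta:
        raise ValueError("nuspec is missing id or version")
    return meta["id"], meta["version"]


def sha512_b64(data):
    """Base64 SHA512 of the whole file, the form NuGet uses for package hashes."""
    return base64.b64encode(hashlib.sha512(data).digest()).decode()


def verify_nupkg(nupkg_bytes, expected_id, expected_sha512_b64=None):
    """Return a list of problems; an empty list means the package is acceptable."""
    problems = []
    pkg_id, version = read_nuspec(nupkg_bytes)
    if pkg_id.lower() != expected_id.lower():
        problems.append("package id is %r, expected %r" % (pkg_id, expected_id))
    if not in_range(version):
        problems.append("version %s is outside [%s, %s)" % (version, LOWER, UPPER_EXCL))
    if expected_sha512_b64 is not None and sha512_b64(nupkg_bytes) != expected_sha512_b64:
        problems.append("SHA512 mismatch: package content differs from the pinned hash")
    return problems


def make_sample_nupkg(pkg_id, version):
    """Constructed minimal .nupkg (zip containing a nuspec), for offline demonstration only."""
    nuspec = (
        '<?xml version="1.0"?>'
        '<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">'
        "<metadata><id>%s</id><version>%s</version>"
        "<authors>sample</authors><description>sample</description></metadata></package>"
    ) % (pkg_id, version)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("%s.nuspec" % pkg_id, nuspec)
        z.writestr("lib/net45/placeholder.txt", "not a real assembly")
    return buf.getvalue()


if __name__ == "__main__":
    ok_pkg = make_sample_nupkg("HtmlSanitizer", "4.0.217")
    pinned = sha512_b64(ok_pkg)  # in practice: the hash you recorded when you first vetted the file
    print(verify_nupkg(ok_pkg, "HtmlSanitizer", pinned))  # []
    print(verify_nupkg(make_sample_nupkg("HtmlSanitizer", "5.0.0"), "HtmlSanitizer"))
```

For the real file, read the downloaded .nupkg bytes in place of make_sample_nupkg() and pass the hash you pinned at first download; a mismatch on a later re-download means the local feed should not be trusted until you know why. The same in_range() with a 5.x lower bound is a quick post-upgrade check that no packages.config still pins the 4.x build.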
