Telerik RadGrid controls - RadGrid.net2 dll security vunerability.

2 Answers 57 Views
Grid
Neha
Top achievements
Rank 1
Neha asked on 08 Dec 2023, 07:18 AM

We have an application which is using Telerik RadGrid controls - RadGrid.net2 dll.

Our security team has reported vulnerabilities in this application and a lot of them are in these RadControls, for example RadGrid.js client DOM stored code injection. They are looking us to fix these.

What is the solution for this?

2 Answers, 1 is accepted

Sort by
0
Rumen
Telerik team
answered on 08 Dec 2023, 08:52 AM

Hi Neha,

RadGrid.Net2.dll is a component from the Classic RadControls for ASP.NET suite which was discontinued in 2009 and not supported for more than a decade. The Classic controls were replaced by their counterparts in the Telerik UI for ASP.NET AJAX (also known as RadControls for ASP.NET AJAX), which is represented by the single Telerik.Web.UI.dll containing all components inside its assembly.

While I can't verify whether RadGrid Classic (RadGrid.Net2.dll) has a vulnerability or if it's merely a false positive, migrating to RadGrid for ASP.NET AJAX (Telerik.Web.UI.dll) is highly recommended, because it is much enhanced, and supports the latest browser and accessibility standards. This current version 2023.3.1010 is actively developed, supported, and maintains a robust security standing, with no reported vulnerabilities in its latest release.

For guidance on transitioning from RadGrid Classic to RadGrid for ASP.NET AJAX, refer to the article:

Additionally, detailed instructions on getting started with Telerik UI for ASP.NET AJAX are available in the article titled

Best Regards,
Rumen
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Neha
Top achievements
Rank 1
commented on 12 Dec 2023, 06:26 PM

Thanks. This new ASP.NET AJAX (Telerik.Web.UI.dll) would cost a new license fee , right?
Rumen
Telerik team
commented on 13 Dec 2023, 04:28 AM

You are welcome, Neha. Yes, you will need to purchase a new license for Telerik UI for ASP.NET AJAX.
Neha
Top achievements
Rank 1
commented on 20 Mar 2024, 06:45 PM

Whats the qoute/cost involved in involved in upgrading to https://www.telerik.com/products/aspnet-ajax.aspx?
Neha
Top achievements
Rank 1
commented on 20 Mar 2024, 06:47 PM

I see some pricing info in the link you shared but that shows per developer. Its an assembly. What will be the cost for an enterprise/company level application upgarde to https://www.telerik.com/products/aspnet-ajax.aspx
0
Rumen
Telerik team
answered on 21 Mar 2024, 03:58 AM

Hi Neha,

For Enterprise-Ready Offerings please contact a product specialist at https://www.telerik.com/contact or write directly to telerik-sales@progress.com. 

You can find more information in the Purchasing and Licensing FAQs center -> Do you offer volume discounts?

You can save 5% for purchasing between two and five developer tooling licenses, and 10% for more than five developer tooling licenses with your online or offline purchases. Please get in touch with us to discuss your specific needs at Telerik-sales@progress.com.

    Regards,
    Rumen
    Progress Telerik

    Stay tuned by visiting our public roadmap and feedback portal pages! Or perhaps, if you are new to our Telerik family, check out our getting started resources
    Tags
    Grid
    Asked by
    Neha
    Top achievements
    Rank 1
    Answers by
    Rumen
    Telerik team
    Share this question
    or