DotVVM
dotnet · DotVVMHeads-up
DotVVM Adds Required Cryptographic Token for File Uploads
DotVVM now requires a cryptographic token for file upload requests and adds the `DotvvmConfiguration.
20 Jun 2026 · schedule it
dotnet · DotVVMCritical
DotVVM ReDoS vulnerability mitigated with route regex timeout
DotVVM versions 4.3.15, 4.2.11 and 5.0.0-preview09 apply a 1 second timeout to route regex operations. When timeout is triggered,
20 Jun 2026 · act now
dotnet · DotVVMCritical
DotVVM AuthorizeActionFilter broken, allows unauthorized access
The AuthorizeActionFilter class is broken and does nothing, allowing unauthorized access.
20 Jun 2026 · act now