kb(dpl): Add KB for DPL vulnerability (#2763)

dimodi · web-flow · commit a41004f7fc0a · 2025-02-13T15:24:22.000+02:00
* kb(dpl): Add KB for DPL vulnerability

* Update knowledge-base/dpl-security-vulnerability.md
diff --git a/knowledge-base/dpl-security-vulnerability.md b/knowledge-base/dpl-security-vulnerability.md
@@ -0,0 +1,57 @@
+---
+title: Address Telerik Document Processing Security Vulnerability
+description: Learn more about a fixed security vulnerability in Telerik Document Processing
+type: troubleshooting
+page_title: How to upgrade Telerik Document Processing to resove a security vulnerability
+slug: dpl-kb-security-vulnerability
+tags: blazor, dpl
+ticketid:
+res_type: kb
+---
+
+## Environment
+
+<table>
+    <tbody>
+        <tr>
+            <td>Product</td>
+            <td>Telerik Document Processing</td>
+        </tr>
+        <tr>
+            <td>Version</td>
+            <td>Prior to 2025.1.205</td>
+        </tr>
+    </tbody>
+</table>
+
+## Description
+
+The [February 2025 release of Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) resolves a couple of vulnerabilities:
+
+* [CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629)
+* [CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343)
+
+>tip Telerik UI for Blazor uses [Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/introduction) packages and APIs for its [Excel](slug:grid-export-excel), [CSV](slug:grid-export-csv) and [PDF](slug:grid-export-pdf) export features. **Telerik UI for Blazor is NOT affected by the mentioned resolved vulnerabilities.** This article exists only as a heads-up to customers who may be using Telerik Document Processing in their Telerik Blazor applications.
+
+This article describes potential next steps for developers working specifically with Telerik Document Processing.
+
+## Solution
+
+No action is required if:
+
+* Your application is not referencing Telerik Document Processing packages explicitly.
+* Your application is not using `Telerik.Zip` APIs directly.
+* Your application is not importing an `HTML` file and exporting it to `RTF` format.
+
+If your use case scenario is the opposite of the listed items above, then:
+
+* [Get familiar with the vulnerabilities, their impact, and resolutions](#description).
+* Upgrade Telerik Document Processing to version **2025.1.205** or later.
+
+In addition, see [how to use different versions of Telerik UI for Blazor and Telerik Document Processing](slug:dpl-kb-version-conflict-detected-telerik-zip).
+
+## See Also
+
+* [Release Notes for Telerik Document Processing version 2025.1.205 (2025 Q1)](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205)
+* [KB article for CVE-2024-11629](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629)
+* [KB article for CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343)
