Vulnerability in EPiServer.Forms
I tried updating to the latest upgrade package - update 39 but ran into some trouble.
It seems updating to EPiServer.Cms.UI.7.9.0 works good but since upgrading to EPiServer.Cms.Core.7.8.0 and EPiServer.Framework.7.8.0 and running the database upgrade to v7007 I get a server 503 error when trying to save content in edit mode. The service /cms/Stores/contentversion returns "Network error 503 service unavailable".https://www.dropbox.com/s/qjnqlepdw8jemuj/error.png?dl=0After a few tries the application pool crashes.I tried doing the upgrade on a Alloy Templates website and that works as expected.What changed in the upgrade of EPiServer.Framework.7.8.0 and EPiServer.Cms.Core.7.8.0 to have caused this?Would be nice to solve this, as it prevents us from updating to any newer versions.
The latest available packages are 7.15 for the CMS core and 7.15 for the UI. Are you sure that you have installed the latest packages from the public feed?
Hello!That's what I did originally, and because the error occurred I tracked it back to the first database upgrade, v7007 (update 18, EPiServer.CMS.UI.7.9.0 and EPiServer.CMS.Core.7.8.0).
I now noticed that it's not only the Contentversion service, it's pretty much all the services in edit mode that fails with a server 503 error.
I'll try and install the latest packages again though, and get back to you.
The latest package versions I get in the Nuget feed is CMS Core 7.14.2 (not 7.15) and CMS.UI 7.15.
Tried installing the latest packages in the Nuget feed - error remains.
I've never seen this 503 error so it's likely that it's due to something in your code or environment. Are you experiencing this locally and can debug it? I assume that you have run the database upgrade scripts after upgrading?
Yes, ran the database upgrade script accordingly.
Experiencing the error in all our environments - dev, stage and prod.
> mscorlib.dll!System.Collections.Generic.Dictionary<System.Type,System.Collections.Generic.Dictionary<StructureMap.Pipeline.Instance,object>>.Initialize(int capacity) + 0x66 bytes
mscorlib.dll!System.Collections.Generic.Dictionary<System.Type,System.Collections.Generic.Dictionary<StructureMap.Pipeline.Instance,object>>.Insert(System.Type key, System.Collections.Generic.Dictionary<StructureMap.Pipeline.Instance,object> value, bool add) + 0x13b bytes
StructureMap.dll!StructureMap.InstanceCache.getCache(System.Type type) + 0x51 bytes
StructureMap.dll!StructureMap.InstanceCache.Get(System.Type pluginType, StructureMap.Pipeline.Instance instance) + 0x1d bytes
StructureMap.dll!StructureMap.BuildSession.CreateInstance(System.Type pluginType, StructureMap.Pipeline.Instance instance) + 0x1b bytes
StructureMap.dll!StructureMap.BuildSession..ctor.AnonymousMethod__1() + 0x19 bytes
StructureMap.dll!StructureMap.BuildSession.CreateInstance(System.Type pluginType) + 0x18 bytes
StructureMap.dll!StructureMap.Container.GetInstance(System.Type pluginType) + 0x4e bytes
EPiServer.Framework.dll!EPiServer.ServiceLocation.StructureMapServiceLocator.DoGetInstance(System.Type serviceType, string key) + 0x29 bytes
EPiServer.Framework.dll!EPiServer.ServiceLocation.ServiceLocatorImplBase.GetInstance(System.Type serviceType, string key) + 0x2b bytes
EPiServer.Framework.dll!EPiServer.ServiceLocation.ServiceLocatorImplBase.GetInstance<EPiServer.IContentRepository>() + 0x3d bytes
EPiServer.Framework.dll!EPiServer.ServiceLocation.Injected<EPiServer.IContentRepository>.Service.get() + 0x25 bytes
EPiServer.dll!EPiServer.DataFactory.Save(EPiServer.Core.IContent content, EPiServer.DataAccess.SaveAction action, EPiServer.Security.AccessLevel access) + 0x2a bytes
Found the cause of the problem. In our own dependencies there was a dependency resolver to use DataFactory.Instance as IContentRepository (due to not always having a context when needing the ContentRepository). When I removed it, the error disappeard.
Thanks for making me take a second look. :)