Vulnerability in EPiServer.Forms
I didn't encounter any of this last year during my first attempt of installing Episerver Insight but I'm seeing a strange issue now with the latest versions of Episerver Insight (1.10.0) in combination with the latest version of the CMS 11.12 (CMS.UI - 126.96.36.199)
Our Epi CMS was recently upgraded by our dev team and everything looks good (I still need to get used to the blue theme :)). I installed Episerver Insight v1.10, following the same steps as per the dev guide. I can confirm the Insight tab now appears which is great. I have also tested the API keys provided to me via Swagger and I can confirm I'm getting a 200 response on one of the GET API's. However, when I click on the actual Insight tab, I get the following error:
Not only is the Insight UI not working, navigating to the Episerver Find UI also now returns the exactly same Socket exception above, which is strange. I tried uninstalling all nuget packages related to Episerver Insight, Profiles and Tracking. Episerver Find comes back up and running again with no issues.
So I tried re-installing the 3 sets of nuget packages to identify the culprit that's causing Episerver Find to break. Up until the installation of Episerver.Profiles.Client and Episerver.Tracking.CMS, the Episerver Find UI works. However, when installing Episerver.Insight.UI, that's when Episerver Find UI gets broken.
I have deployed the codebase to one of the Integration environments in the DXC and the same symptoms occur. Help?
We run Episerver Insight 1.10 in our demo environments which shows some default reporting (which is what the error seems to relate to). Gut feel says perhaps reporting hasn't been enabled on your instance and isn't available? Worth checking in with your CSM to see if reporting is avaialble on your instance?
I see a site with
EPiServer.CMS.UI 11.21.7EPiServer.Commerce.UI 13.7.1EPiServer.Insight.UI 1.11.0EPiServer.Find.Cms 13.2.4work normally (on Azure and local). Could you please try with latest version like that?
We are trying to reproduce the issue. Please use the following workaround before we have a proper fix:
public class HackReportingHelper : IReportingHelper, IConfigurableModule
public bool IsReportingAvailable()
public void ConfigureContainer(ServiceConfigurationContext context)
public void Initialize(InitializationEngine context)
public void Uninitialize(InitializationEngine context)
Thanks Jonas and David. It does seem like the Reporting feature is not available on the account.
I've implemented the above HackReportingHelper.cs and the Insight UI now displays and Find UI also works as expected.
However, while I can now load the Insight UI, there are errors in the console and the Insight Profiles tab is infinitely showing the message "Loading..."
The console errors I get on the Profiles tab are:
Both URL's result to the following:
Similar console errors occur on the Segments tab:
Epi Support found the issue - the Epi Insight APIs require a minimum of TLS version 1.2. Unfortunately the codebase we were working on was not.
Adding the below to the the Application_Start() in the Global.asax file fixed it:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;