Vulnerability in EPiServer.Forms
We have EPiFind onsite, in a strictly controlled production environment. Connections to servers "outside" of our environment is prohibited. The onsite server works more or less as expected, but every 10 minutes, the following error is logged:
2016-02-01 10:06:43,508 ERROR  ?.? - Could not fetch https://dl.episerver.net/version.json, the following occured: System.AggregateException: One or more errors occurred. ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at EPiServer.Find.UI.Helpers.ExternalResourceHelper.FetchVersionFromExternalResource[T](String urlToJsonFile)
---> (Inner Exception #0) System.Threading.Tasks.TaskCanceledException: A task was canceled.<--->--->
This looks like EPiFind is trying to "call home".
Can this be turned off?
Looks like it's trying to get hold of the latest version...
This is how Find resolves the base path to client resources. Default value of clientSideResourceBaseUrl attribute in episerver.find.ui configuration section is https://dl.episerver.net/$version$/ and the system tries to get the current version from https://dl.episerver.net/version.json in order to construct the base path for Find UI resources and tracking scripts. This value is cached for 10 minutes, that's why you get next call after cache is expired.
You can define base path for Find client resources explicitly in episerver.find.ui section:
I guess in your case the system uses https://dl.episerver.net/current/ as clientSideResourceBaseUrl when it fails to load last version.
Other option is enabling requests to https://dl.episerver.net/ and all sub-paths to ensure that you don't stick to specific version and will get updates and bug fixes in tracking scripts and Find UI.