Masthead image for SitecoreFundamentals.com
Why Won't You Just Die? How to Update a SOLR Certificate and Deal With Stuck Services


Replacing a SOLR certificate is routine business these days, but something went sideways this time, and I couldn't stop the service, which led to its own problems. In the end I created a self-signed one and used that instead, and I'll show you what I did to get the service to respond.

Security Bulletin SC2025-001-7922 Is Needed for Your CM/Standalone Instances

A critical vulnerability has been announced, which is related to UI controls from Telerik. It affects CM and standalone, but if you are following proper security protocols the risk should be low even though the vulnerability is high. I'll explain.

I Made a Package for the Unrestricted Boost Operation Known Issue

This week Sitecore released a known issue stating, “Any Sitecore Client user is capable of performing boost and kick operations after the maximum number of allowed users has been reached”. A starting point for the code fix was provided, but teams will need to complete it, then package and deploy it. I've done that and uploaded the package for anyone who needs it. 

Security Bulletin SC2024-001-619349 Is Needed for Your CM/Standalone Instances

A critical vulnerability has been announced, which allows for unauthenticated file reads on a CM or Standalone instance. It's recommended this patch is installed on all instances from version 8.0 initial release to 10.4 initial release.

A New Security Exploit Is Making Its Rounds via Polyfill.io and Must Be Removed Immediately

The polyfill.io domain, which used to be the source for a library that helps resolve inconsistencies across different browsers, was purchased by the Chinese company Funnull in February 2024, which is now using it to inject malware into well over 100,000 websites around the world.

Reset Your Sitecore Accounts After a Configurable Amount of Time Has Passed

A common question raised in the community is, “How do I unlock a Sitecore account due to bad password attempts?”. The fix is easy enough with a simple SQL command, but why not use a task that will do this for you? Let's go over the direct fix using SQL and an automated way as well.

Broken PowerShell Methods After Sitecore Security Bulletin SC2023-003-587441 Due to Versioning Differences

The most recent security patch from Sitecore addressed some critical issues. There is an assumption in it, however, that you're using PowerShell 6, which will break some functionality if you have a lower version installed. 

xDB SQL Injection Attempts Can't Do Any Harm, but They'll Still Fill Up Your Databases With Useless Records

During routine maintenance I saw our xDB was busy, having received a couple hundred thousand new contacts in a short amount of time. Having gone through an exercise of updating the excludedUserAgents configuration, I was curious to see what I might have missed. Looking at the User Agents of the new traffic revealed something alarming, but also presented the opportunity for my next module.

Apache Log4j CVE-2021-44228 and How It Can Affect Your Sitecore Installation

On December 10th, Apache announced a critical issue with their Log4J library being vulnerable to RCE (Remote Code Execution) attacks, for certain versions of Solr. They listed upgrading Solr as the preferred method for rectifying this issue, but since Sitecore's compatibility is usually closely bound to a limited number of versions, modifying your current installation would be the safest approach.

A Complete Guide to Restricting Access to Sitecore Managed Cloud

Sitecore Managed Cloud can be a lot of things for an organization, saving a great deal of time and expense having offloaded numerous tasks and resources. One important step that's still up to you is restricting access to non-delivery resources. Today we're going to cover doing this, along with some automation using PowerShell.
