Scaffolded Visual Studio Project for Security Bulletin SC2025-003 hotfix
The Sitecore team releases hotfixes in between major product releases in order to sneak-in important/minor functionalities. Sometimes the simplest things might go out-of-mind if out-of-sight. So, in those lines, this simple note is to show how to apply a Sitecore hotfix to a Sitecore XM/XP web root. Since Sitecore XC runs on top of an XM/XP instance, the approach is the same - install the hotfix on the CM instance unless the readme file provides any additional information. For instance, in case of SC2025-003, the FAQs section explicitly states that this hotfix must be applied to different roles so, the folders/files must be applied to all these roles by finding the web app related to these roles:
Now, there are multiple ways to install a hotfix and usually the readme file has instructions like,
1. Use Sitecore installation wizard
2. Copy over the files/directories to the web root folder
3. Add an IIS url rewrite rule
While hotfixes like approach-3 are totally out-of-scope for this post, this post is mainly for approach-2. Although you could write a PS script to do the second approach and one of my earlier blog notes covers the PowerShell approach, in this note, I've followed the time-tested approach of deploying/publishing the hotfix files via Visual Studio and I've created this project in 2022. This approach also helps to centralise all your hotfixes within your code/solution structure by storing the artifacts in github.
The latest Sitecore Security bulletin is here for reference. This has patch files/folders for different Sitecore versions. Now, the easiest approach to add the patch files to your web root is to create a web app project in Visual Studio and just publish that project. In those lines, I created the web app project so that you can just add this project to your solution and publish what is needed, instead of you setting up this patch/project from scratch and yes, community work is the best work.
So, I already downloaded the zip for Sitecore versions 10-10.4 , unzipped and added the files/folders to my web app project committed to github here. You could follow the same approach for earlier versions like 9.x but use the relevant zip file.
First of all, take a backup of the <webroot>\sitecore\shell\Applications\Dialogs\Upload folder as already stated in the patch readme.
Next, just clone the Github project and setup publish profile pointing to your web root folder. Then, click publish.
Check the showconfig.aspx to find the config files.
Showconfig.aspx (for reference with patch):
bin folder:
Sitecore.Patch.Support.SC2025-003.dll
Sitecore.Support.628372.dll
SItecore.Support.629358-1.dll
Sitecore.Support.629358-2.dll
Sitecore.Support.PDXP-7886.dll
App_config\include\zzz folder:
Sitecore.Support.628372.config
Sitecore.Support.629358-1.config
Sitecore.Support.629358-2.config
Sitecore.Support.PDXP-7180.config
Sitecore.Support.PDXP-7886.config
\sitecore\shell\Applications\Dialogs\Upload folder:
upload.xml
upload2.aspx
*********************************************
Github for reference (for 10.x): https://github.com/navancommits/SC2025-003
##########################################
Script that deletes the files related to patch (run PowerShell in admin mode):
Adjust the $webRoot variable as need-be since it must point to the web root folder:
##########################################
Comments
Post a Comment