Per DISA security hardening requirements, unlisted file extensions should be filtered in URL requests as seen in the following DISA STIG: http://www.stigviewer.com/check/V-26046 To do this, the Telerik UI for ASP.NET AJAX must publish extensions that are used in the libraries. Without the extensions being published, it is not possible to implement this hardening requirement since the application will not function properly due to the unknown extensions being blocked. Please publish the library extensions being used so that the hardening setting to filter unlisted file extensions can be turned on. If this cannot be done, please identify the reasoning so that a deviation from the hardening requirement can be approved by the security team.