Last Updated: 16 Mar 2023 13:29 by ADMIN
A security vulnerability with Excel exports from Telerik Reporting is Macro Injection attacks.
This regularly raises flags during security audits.
Essentially users can create data in the system that will appear in a cell of the report, and execute as a macro and allow running custom code on the computers of anyone who opens the xls or xlsx file.

Currently there is a setting to protect Telerik's exports CSV exports ("FormulaPrefix")

The same setting should be introduced for Excel (xls & xlsx) exports.
It should be another parameter of the xls/xlsx export extensions

Last Updated: 28 Oct 2020 19:02 by ADMIN
Scheduled for R1 2021

If a table-based item (Table, List, Crosstab) does not fit in a single page and needs to occupy more than one page, its bottom border is not drawn on the first page and its top border is not drawn on the second (subsequent) page. This behavior is by design and its purpose is to help the users visually distinguish the table as a single item. The table has only one top and bottom border and they are displayed at the beginning and at the end of the table, regardless how many pages the table actually occupies.

Since users might find this confusing, a table should have a property controlling this behavior. The default state of the property will preserve the current rendering. If the user explicitly sets the property, then the table will draw its top and bottom borders on every page it occupies.

Last Updated: 25 Jun 2020 15:06 by ADMIN
The MsSqlServerStorage class uses a hard-coded string "TR" for its ApplicationName attribute in the connection string. This hard-coded string should be configurable and should not overwrite already existing ApplicationName attribute, if set.