In November 2017 we became aware of a security flaw in the Telerik third-party components we use to enhance the user experience of our server-based products. We now have a fix to address this issue and will incorporate this fix into our next release in Q1 of 2018. If you need the fix prior to the official release, please submit a ticket and we will provide a link to the hotfix with instructions.
Our fix replaces bamboo.framework.wsp with a new version including the 2017 version of the Telerik DLLs that include the vendor's updated code.
For more information on the Telerik weak encryption issue, see https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security.