Third party libraries used by Sitecore

2015, Dec 18

At Achmea, we made the strategic decision to use Sitecore as platform for all of our websites, we’ve got hundreds of them. To do this at enterprise level, on such a scale, it’s important that we have guidance on infrastructure, development, deployment, security, content, DMS, just to be sure that the stable environment that we deliver, will stay stable. We all know that it’s important to work with the right Sitecore assemblies (correct version) and not to overwrite them. But Sitecore doesn’t only deliver Sitecore assemblies, but 3rd party assemblies as well, for example: Microsoft assemblies, TweetSharp, Facebook API, Google API’s, et cetera. This blogpost tells us what 3rd party components Sitecore ships with, what license is tied to it and what version is delivered. It currently only includes Sitecore 8.0 update 5 and Sitecore 8.1 update 1.

And please try to guess the answer to now: “What is the year of the eldest component that ships with Sitecore?”. You will be surprised ;)

Why is this list important?

All of these components have a history in it’s development lifecycle, may have security issues in older versions and always have a license tied to it. If there’s no license, the components fall under the author’s copyright, which means that you’re not allowed to use that third party component in your software.

Aside from the license issues, make sure that you use the correct version. Sitecore may replace or update the 3rd party components in a future version, which means your software can (and believe me, someday it will) break. There is no guarantee that Sitecore will ship these component in next versions, thus it’s better to be prepared on what to do when things change. Some commercial products are included in the product as well. Questions that I have regarding those products:

  • Do we, as a company, need to have a license as well to use these products, or does the Sitecore license cover this? (Probably it does, but I am not 100% sure)
  • If Sitecore may use the product, for example, Telerik, may we make use of that product in our custom made components as well? For example, when extending content editor functionality? Or do we need to have separate development licenses?

I don’t have answers on those questions yet, but we already asked the question at Sitecore.

The one list

Well, this wall of text finally lead us to the list. I must admit: it was just a desktop research, but I think we are quite complete regarding the versioning. The version info is the “Assembly Info” that I got via ILSpy. I got the most recent versions by looking into github and codeplex repositories, so for some commercial products I really don’t know what the latest version is.

My main concern is that I see some really ancient builds in this list. The eldest component is from 2006! Maybe this list can help Sitecore to upgrade these components to the latest version, for the sake of its ALM ;)

LibrarySitecore 8.0 update 5yearSitecore 8.1 update 1yearCurrent versionyearLicense type 
Telerik.Web.UI.Skins2012.2.607..3520122015.1.401.45??2015License?Telerik UI lib
TweetSharp2.0.0.0< 20132.0.0.03.0.0.12015??Twitter library
WebGrease1.6.5135.2193020141.6.5135.219301.62014?? Optimizing javascript
Yahoo.Yui.Compressor2.1.1.020122.1.1.02.72014BSD-2Compression library
Componentart20102010201020122012??Visualization controls
CsQuery1.3.3.249 ??1.3.3.249 ??1.3.5.200MITCsQuery is a CSS selector engine and jQuery port for .NET 4 and C#.
DotNetOpenAuth4.0.0.111652011/20124.0.0.111654.32013Ms-Pl
Ecmascript.net1.0.1.020121.0.1.01.0.12012MPL 1.1 (Mozilla Public License)EcmaScript.NET is an open-source implementation of EcmaScript based on Rhino (JavaScript for Java) written entirely in C#.
Facebook C# SDK5.4.1.0< 20125.4.1.06.0.10 <2012Apache LicenseFacebook API
Facebook API1.0.0.0 ??1.0.0.0????Ms-Pl (Microsoft Public License)Facebook API – not sure about the source…
GoogleApis.Authentication.OAuth21.02011?1.01.9.32015Apache 2.0Google OAuth2 library. Very ancient library. Stackoverflow post: “class not supported anymore”
Google.Apis1.0.0.305412011?1.01.9.32015Apache 2.0Google API library
Google.Apis.Plus.v11.0.0.0< 20131.01.9.22015Apache 2.0Google plus library
Hammock.Clientprofile1.0.0.0< 20111.01.3.12013MITRest Wrapper
Html Agility Pack1.4.6.020121.4.6.01.4.92014Ms-PlHTML Parser that builds a read/write DOM.
Iesi.Collections1.0.1.020111.0.1.04.0.1.4002013No licenseEnhanced collectrions for .net
IT Hit WebDAV Server .Net v22.1.1.10820092.1.1.108V4.0.24162015Found herewebdav server engine for net
Lucene.net3.0.320153.0.33.0.32015Apache 2 Search
Mvp.Xml2.0.2158.105520062.0.2158.10552.32007BSD LicenseFrom the time before the dinosaurs even didn't exist
Netbiscuits.OnPremise--1.1.0.0??
Newtonsoft.Json6.0.520146.0.8.1811120147.0.12015MITJSON (de)serializer
OAuthLinkedIn1.0.0.0??1.0.0.0????????Looks like it’s taken from a github source, can’t find the original source
Protobuf-net2.0.0.66820132.0.0.66820132.0.0.6682013Apache 2Protocol Buffers library for idiomatic .NET
Telerik RadEditor.net27.2.0.0??7.2.0.0????????
Stimulsoft Base2013.1.1600.020132013.1.1600.020132015.32015LicenseReporting technology
Stimulsoft Database2013.1.1600.020132013.1.1600.020132015.32015LicenseDatabase helper
Stimulsoft Report2013.1.1600.020132013.1.1600.020132015.32015LicenseReporting technology
Stimulsoft Report Web2013.1.1600.020132013.1.1600.020132015.32015LicenseReporting technology
Stimulsoft Report Web Design2013.1.1600.020132013.1.1600.020132015.32015LicenseReporting technology
Telerik.Web.UI2012.2.607.3520132015.1.401.4520152015??Reporting technology
Ninject3.2.0.020153.2.0.020153.22015Ms-PlLightweight dependency injection for .NET
ASP.Net MVC5.1.020145.2.320155.2.32015
System.Web.Webpages3.020133.020133.2.32015
System.Net.Formatting4.0?5.2.320155.2.32015

Conclusion

Quite some third party components are delivered with Sitecore, some are up to date, and some are really ancient. This list can help you to decide whether or not to allow a component to be used in your custom code and whether or not the license tied to the component will have impact on your company from a legal perspective.