Latest from the umbraco blog

We're more transparent than glass. Follow us on twitter and our blog.

 

Monday, July 21, 2014 by Sebastiaan Janssen

As Umbraco becomes more popular, there's also more people hiring security specialists to analyze our source code for potential vulnerabilities. We applaud this, a fresh view on things can often reveal issues that have been overlooked so far.

Today we're publishing the results of 2 independent security audits that uncovered some issues that you need to be aware of and fix in your Umbraco installations.

Of course we're in the process of fixing these problems for future versions of Umbraco where necessary but many currently running live sites are affected and need updates immediately.

We advise you to update or remove the following files:

  • Update: umbraco\Developer\Packages\proxy.htm with the updated version found in this Github commit.
    Affected versions: all versions 4, 6 and 7
    Impact of updating this file: none.
  • Delete: umbraco\Dashboard\Swfs\AIRInstallBadge.swf
    Affected versions: 4.6.1 through 6.2.1 (v7 is not affected)
    Impact of deleting this file: you won't be able to install Desktop Media Uploader from the backoffice any more, it can still be installed by installing the umbraco\Dashboard\air\DesktopMediaUploader.air file.
  • Delete: Config\Splashes\booting.aspx
    Affected versions: all versions 4, 6 and 7
    Impact of deleting this file: you would only see the "booting" screen if your site takes more than 10 seconds in the phase where Umbraco is starting and cannot serve more than one request, removing this file gives a blank screen instead of the "booting" screen (hardly anybody will ever have seen this screen in the first place).
  • Delete: the install folder
    Affected versions: 4.9.0 through 6.1.6 (6.2.0+ and 7 are not affected)
    Impact of deleting this file: none - we've always advised to delete the install folder immediately after installing Umbraco and never to upload it to a live server.

Please take this advisory seriously and take immediate action to secure your running sites properly.

If you have any questions make sure to leave a comment and remember that this blog doesn't send notification e-mails so check back here to find the answer to your questions.

Thursday, June 26, 2014 by Per Ploug

Since the alpha of 7.2 was shown off in the Codegarden keynote, we've been hard at work, to include a visual configuration of the grid editor. If you havn't seen the new grid UI before, I highly recommend you watch the Codegarden keynote available here - grid demo starts around 35mins in. 

Configuration UI

See the configuration UI on action in this video: 

 

The configuration UI gives you the ability to manage the overall template of the grid, so you can specify how many sections this grid should have.

For each section you can specify which "layouts" the editor is allowed to insert. A layout is basically a row of cells, and each cell then have a number of editors allowed on them.

Layouts are configured once, and then assigned to the different grid sections. So they can be shared on multiple grids / sections. This gives better re-use and a consistent UI for editors. 

The grid structure

Confused about the grid editor and what it contains? - there are a lot of parts to it, but lets go through them all:

  1. The grid has a template
  2. The template has 1 or more sections
  3. Each section has a collection of allowed layouts 
  4. A layout is a row of one or more areas
  5. A layout area has a list of allowed editors
  6. An editor is the component you use to enter data, like a rich text editor, a headline, or picking media.

Clear as mud, right? - anyways, even though there are many small parts, most usage of the grid should be fairly easy since it comes with its new configuration UI and helper methods for templating. 

Breaking changes

However, as we went through the structure of the grid, we also changed a number of variable and collection names in the json-blob stored by the grid editor, so for those who have been playing around with the alpha, will not be able to upgrade to the beta when it's released without loosing grid data and configuration.

So bottomline: we've added a grid configuration UI and changed the data format, so if you upgrade from alpha to beta, expect to loose your grid content+config, it should however reset the grid gracefully.

Monday, June 23, 2014 by Tim Geyssens

14443284284_bb810d16b8_zNow that our yearly conference is over we’ve asked some of our community members (both newcomers and oldtimers) why Codegarden is important to them and what they got out of it!  Again, we had a lot of newcomers this year so lets hear what Heather Floyd has to say .

We've released 100 Super Early Bird tickets for CodeGarden '15. It's June 10-12th 2015 and it's just EUR 300.Get it now and save 50%!

Who are you and why is Umbraco and CodeGarden relevant to you?

I am a web developer who has been working with Umbraco for over 8 years (since version 2-ish) For most of that time I was working on my own, providing websites to clients across the US, I have also worked on an in-house marketing team on a business-critical Umbraco website, and now am back to providing Umbraco websites to clients as part of an advertising agency in New York.
I have really enjoyed connecting with other Umbraco enthusiasts in the US – first as part of the 2007 “US Retreat”, and this past March as a speaker at the first uWestFest event. It was at uWestFest that my Umbraco friends encouraged me to finally attend Codegarden for the first time.

Which session(s)/workshop/event(s) did you got the most out, enjoyed the most?


The keynote was an awesome introduction to the newest stuff coming along in version 7+. I also got a lot out of the PhoneGap and MVC Puree sessions. Pete’s session about build planning was interesting to me since I am always looking for ways to have a more efficient process, and Bob & Pete’s community talk gave me some new ideas for the New York Umbraco Meetups, which are in their infancy right now. The Open Space session on strongly-typed code also generated some notes for “things to explore” for me.

Anything else that you wish to add/share?

I absolutely love being part of the Umbraco universe – not only do we get to work with the best CMS on the planet – but we get to hang out with the sweetest, smartest, coolest geeks around.