Security update for 4.10.0

Wednesday, November 14, 2012 by Sebastiaan Janssen


Just now, Shannon stumbled upon a bug in the recent 4.10.0 release that exposes a security issue.

This security problem ONLY affects installs of 4.10.0 and is easily fixed by downloading the patch file on CodePlex to upgrade your site to 4.10.1.

How to upgrade:

  • Download the UmbracoCms.Patch.4.10.1.zip
  • If you extract the files using Windows' built-in compression tool, you will need to 'UNBLOCK' the ZIP file from the Properties dialog before doing so. Otherwise your installation may not include all required files.
  • Place the dll files you find in the patch zip file in your /bin folder
  • Change the version number in your web.config from 4.10.0 to 4.10.1
    • Or, if you still have the install folder in place, run the installer; it will do the exact same thing (update the version number). There are no database upgrades.
  • All done!
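
The upgrade steps above, scripted in PowerShell as an added example (not from the original post or the Umbraco project). It assumes PowerShell 5 or later, a hypothetical site path, a patch zip in the current directory, and that the version number is stored in the `umbracoConfigurationStatus` appSetting of web.config.

```powershell
# Added example, not Umbraco's own tooling. Default paths are placeholders.
param(
    [string]$SiteRoot = 'C:\inetpub\wwwroot\MySite',   # hypothetical site root
    [string]$PatchZip = '.\UmbracoCms.Patch.4.10.1.zip'
)
$ErrorActionPreference = 'Stop'

$configPath = (Resolve-Path (Join-Path $SiteRoot 'web.config')).Path
$binPath    = Join-Path $SiteRoot 'bin'
$work       = Join-Path $env:TEMP ("umbraco-patch-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
$staging    = Join-Path $work 'extracted'
$backup     = Join-Path $work 'backup'      # kept outside the web root

# Assumption: the version lives in appSettings/umbracoConfigurationStatus.
[xml]$config = Get-Content -LiteralPath $configPath -Raw
$node = $config.SelectSingleNode("/configuration/appSettings/add[@key='umbracoConfigurationStatus']")
if ($null -eq $node) { throw "No version setting found in $configPath" }

# Only 4.10.0 is affected; leave every other version untouched.
$current = $node.GetAttribute('value')
if ($current -ne '4.10.0') {
    Write-Host "Site reports version '$current'; patch not applicable."
    return
}

# Clear the downloaded-from-internet mark before extracting, then unpack.
Unblock-File -LiteralPath $PatchZip
Expand-Archive -LiteralPath $PatchZip -DestinationPath $staging

$dlls = @(Get-ChildItem -LiteralPath $staging -Recurse -Filter '*.dll' -File)
if ($dlls.Count -eq 0) { throw "No DLL files found in $PatchZip" }

# Back up web.config and every DLL about to be overwritten, then copy.
New-Item -ItemType Directory -Path $backup | Out-Null
Copy-Item -LiteralPath $configPath -Destination $backup
foreach ($dll in $dlls) {
    $existing = Join-Path $binPath $dll.Name
    if (Test-Path -LiteralPath $existing) { Copy-Item -LiteralPath $existing -Destination $backup }
    Copy-Item -LiteralPath $dll.FullName -Destination $binPath -Force
}

# Record the new version, as the installer would.
$node.SetAttribute('value', '4.10.1')
$config.Save($configPath)
Write-Host "Patched to 4.10.1; backup in $backup"
```

The version check makes the script safe to run across several sites: any install not reporting 4.10.0 is left unchanged.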

We've updated the version checker so anybody running 4.10.0 should see an upgrade message soon.

We urge everybody with a 4.10.0 site to upgrade to 4.10.1 as soon as possible. Versions OTHER than 4.10.0 are NOT affected at all, so you won't need to take any action for those.

Our sincere apologies for the inconvenience!

7 comment(s) for “Security update for 4.10.0”

  1. Andy Says:

    The link above to UmbracoCms.Patch.4.10.1.zip doesn't look to be correct - I get a redirect to /site/notallowed. It should I believe be: http://umbraco.codeplex.com/downloads/get/531113

  2. Sebastiaan Janssen Says:

    Thanks Andy, all fixed!

  3. Rune Says:

    Do you have any details on the issue? Impact, location etc.?

  4. Sebastiaan Janssen Says:

    Details coming in a week or so (we want to give people time to patch first). Upgrade is completely safe.

  5. windows patches Says:

    It's very useful! Thank you very much.

  6. Rune Says:

    Where did you release detailed info about this issue?

  7. Ganpat Singh Rathore Says:

    It's very useful! Thanks
