Umbraco 6.0.4 and 4.11.7 released

Thursday, April 25, 2013 by Sebastiaan Janssen

Security -sml1It's time again for our regular patch release and this time we've added some improvements to back office security.

As part of a security audit done by a Umbraco Confidence customer and  independent security company MWR Labs we made some updates to the core to prevent that an authenticated Umbraco user would be able to access certain edit screens in sections of Umbraco that the User hadn't been granted access for. 

Don't be scared, the risk of these security issues being exploited is very low.

Other than that, this is a pretty small patch release for both v4 and v6. There's of course bug fixes and and you should see improvements in bulk publishing (more improvements to come soon).

For a full list of changes:

The releases are now available on CodePlex and on NuGet (6.0.4 & 4.11.7), enjoy!

14 comment(s) for “Umbraco 6.0.4 and 4.11.7 released”

  1. Gravatar ImageCraig Says:

    Where are the upgrade instructions to upgrade from 6.0.3 to 6.0.4? I'm half way through a 6.0.3 site and would like to upgrade it to the latest.
    Thanks.

  2. Gravatar ImageSebastiaan Janssen Says:

    As mentioned on Codeplex: http://our.umbraco.org/documentation/Installation/Upgrading/general

    In short: overwrite /bin /umbraco /umbraco_client and /install and follow the upgrade wizard.

  3. Gravatar ImageCraig Says:

    Thanks Sebastiaan. I couldn't see in codeplex but have it now. :)

  4. Gravatar ImageMarthijn Wassink Says:

    Hi Sebastian. I tried to update as described in http://our.umbraco.org/documentation/Installation/Upgrading/general . Copied all files but when i start the website there's is no upgrade screen. When i invoke the webservice it still points to 6.0.3. Is there a way to force the upgrade?

    I run the site from VS2012

    Thx!

  5. Gravatar ImageSebastiaan Janssen Says:

    @Marthijn Did you try to go to /install and run the upgrade installer?

  6. Gravatar ImageMarthijn Wassink Says:

    @Sebastian Yes i did. I just returns to the main website.

    I just tested the 6.0.4 zip with a new empty VS2012 project. That works fine.

  7. Gravatar ImageSebastiaan Janssen Says:

    @Marthijn I've heard this from one other person before but I can never reproduce the issue. Is it at all possible to zip up the solution + database and send it to me so I can solve this issue for once and for all?

    You should be able to just change the version number from 6.0.3 to 6.0.4 in the web.config to complete the upgrade.

  8. Gravatar ImageMarthijn Says:

    @Sebastiaan I sure can. Can't find your e-mail address? Can you see my e-mail address that i entered with the messages?

  9. Gravatar Imageesunxray Says:

    Could I update 4.11.6 to 6.0.3 directly?

  10. Gravatar ImageMarthijn Wassink Says:

    @Sebastiaan Thanks for helping me out!

    The problem that Umbraco wouldn't update was because i installled UB through nuget. So if you overwrite your package file nuget will put them back to the installed version. The solution for me was to run 2 nuget commands:
    Get-Package -updates
    Update-Package UmbracoCms.Core

    @esunxray Check this page http://our.umbraco.org/documentation/Installation/Upgrading/version-specific

  11. Gravatar ImageJerremy Says:

    We always use nuget to upgrade our packages, is there a way to make the nuget not overwrite our configuration files?

  12. Gravatar ImageJmk Says:

    Little bit off topic - will Belle be a direct upgrade from 4.11 or 6? Just planning a couple of projects that I'm hoping will end up using Belle in the coming months.

  13. Gravatar ImageSebastiaan Janssen Says:

    @Jmk Very unlikely, don't get your hopes up. :-)

  14. Gravatar ImageJmk Says:

    Hi Sebastiaan - just wondering which version would be easier to upgrade from? because from what I understand Belle is being developed at the moment with 4.11?

Leave a comment