At Umbraco, we take security matters seriously and do our best to provide the best possible amount of information with the right timing for any security-related matters.
When we have security-related announcements we believe you need to be explicitly aware of, we announce them in the following ways on the day we publish a patch or manual workaround:
- On the Umbraco blog we will post a Security Advisory, guiding you on how to fix the vulnerability and provide you with other related information that we are able to share.
- We share this Security Advisory post on Twitter @umbracoproject. This is our dedicated Twitter account for tech/dev information; releases, security patches, RFCs etc.
- A separate email will also go out linking to the Security Advisory post to all our subscribers of our main mailing list. You can subscribe to this list by filling out your details in the "Want to be updated on everything Umbraco?" form at the bottom of this page.
- Umbraco Cloud; All Umbraco Cloud project automatically gets the security patch the day of release. All "Technical Contacts" of any Umbraco Cloud project will also get an email sent directly to them linking to the Security Advisory blog post. If you haven’t updated your technical contact on your Umbraco Cloud projects you can do so in your project settings, once you've logged into the Umbraco Cloud Portal, under the menu “Edit team”.
Previous Security Advisories
If you want to know how our security advisories look and/or want to know which ones we've published in the past, go to History of Umbraco Security Advisories