Umbraco

Security blog posts

Read blog posts related to Security

Umbraco Forms Security Notice

A routine security audit conducted by Umbraco’s third party security analyst, Dionach has identified a vulnerability in our add-on product Umbraco Forms

October 14, 2016

Major security vulnerability patched in Umbraco versions 4.50 through 4.7.1.1

If you're still running Umbraco sites that are of versions between 4.5.0 and 4.7.1.1 you need to update your site today with the patches provided here

Security alert - Update ClientDependency immediately

Update: this information is now obsolete, a new vulnerability was found and a new update is required | Version 4.5 - 7.1.9 is affected

February 5, 2015

Security issues found in Umbraco 4, 6 and 7

Today we're publishing the results of 2 independent security audits that uncovered issues that you need to be aware of & fix in your Umbraco installations

Security update - one more major issue fixed in 4.7.0 through 4.7.1.1

Security update from May 23, 2014 - one more major issue fixed in 4.7.0 through 4.7.1.1 | New patches for the affected versions

Major vulnerability in Umbraco 4.5.0 through 4.7.0 fixed

This only applies to versions of Umbraco from 2011 or older. If you're running Umbraco 4.5 - 4.7.0, this blog post contains important information.

Security update - two major vulnerabilities found

We analyzed the entire Umbraco core and found two Umbraco vulnerabilities | Also included are links on how we handle vulnerabilities at Umbraco

Security vulnerability found - immediate action recommended

During one of the regular security audits that independent security firms (in this case: MWR Labs) do of the core, a severe security vulnerability was found

Security update for 4.10.0

Just now, Shannon stumbled upon a bug in the recent 4.10.0 release, that exposes a security issue | This security problem ONLY affects installs of 4.10.0

November 14, 2012