Major security vulnerability patched in Umbraco versions 4.50 through

Written by:

If you're still running Umbraco sites that are of versions between 4.5.0 and you need to update your site today with the patches provided here

We have been alerted of a major security issue in Umbraco versions released before 2012, if you're still running Umbraco sites that are of versions between 4.5.0 and you need to update your site today with the patches provided below. 

Please refer to the table below, the new version of umbraco.dll is listed here for each affected version of Umbraco, including a download link.


Umbraco version new umbraco.dll assembly version
4.5.0 1.0.5904.24845
4.5.1 1.0.5904.24629
4.5.2 1.0.5904.25028
4.6.0 1.0.5904.25578
4.6.1 1.0.5904.26133
4.7.0 1.0.5904.26466
4.7.1 not available* 1.0.5904.26907

* Unfortunately a patch for 4.7.1 is absent, this is because to we have been unable to reconstruct at which point 4.7.1 was actually built, so we can not issue a patch for this version.
The advise for 4.7.1 is to delete ~/umbraco/webservices/templates.asmx. Deleting this file will only impact the insertion of snippets in templates, editing of templates will still work just fine.

How to apply the fix?

  • Make a backup of your Umbraco installations "bin" folder, please do not forget this
  • Download the zip file from the list above that matches your Umbraco version
  • After downloading it, right-click the file, go to properties and click the "unblock" button (this is very important!)
  • You've made a backup of the bin folder, right?
  • Then simply copy the updated file(s) from the zip file into your Umbraco site's bin folder, overwriting the existing files

Custom Umbraco build or not able to patch?

If you're not able to patch your installation or if you run a modified version of Umbraco - if you have modified the source of Umbraco and built your own version - we recommend that you setup a firewall to protect against external calls to /umbraco. You can see if you run a custom build of Umbraco by comparing your assembly version with the one in the table below. If the dll is of the below version numbers then you can safely overwrite the current version with the patched version (after making a backup, of course).

Also, if you are running a custom build of any of the Umbraco versions listed above and need advise on how to update your build to be safe then please e-mail us so we can provide you with that specific information.

Previous security problems

Below is a list of security issues that we've fixed before, if you want to review your sites for potential issues. The download links in the older posts contain the links to these updated patch files.


Again, if you have any questions, please e-mail us so we can provide you with appropriate information.

Loved by developers, used by thousands around the world!

One of the biggest benefits of using Umbraco is that we have the friendliest Open Source community on this planet. A community that's incredibly pro-active, extremely talented and helpful.

If you get an idea for something you would like to build in Umbraco, chances are that someone has already built it. And if you have a question, are looking for documentation or need friendly advice, go ahead and ask on the community forums.

Want to be updated on everything Umbraco?

Sign up for the Umbraco newsletter and get the latest news and special offers sent directly to your inbox