Just now, Shannon stumbled upon a bug in the recent 4.10.0 release, that exposes a security issue.
This security problem ONLY affects installs of 4.10.0 and is easily fixed by downloading the patch file on CodePlex to upgrade your site to 4.10.1.
How to upgrade:
- Download the UmbracoCms.Patch.4.10.1.zip
- If you extract the files using Window's built in compression tool you will need to 'UNBLOCK' the ZIP filefrom the Properties Dialog before doing so. Otherwise your installation may not include all required files.
- Place the dll files you find in the patch zip file in your /bin folder
- Change the version number in your web.config from 4.10.0 to 4.10.1
- Or if you still have the install folder in place, run the installer, it will do the exact same thing (update the version number). There are no database upgrades.
- All done!
We've update the version checker so anybody running 4.10.0 should see an upgrade message soon.
We urge everybody with a 4.10.0 site to upgrade to 4.10.1 as soon as possible. Versions OTHER than 4.10.0 are NOT affected at all, so you won't need to take any action for those.
Our sincere apologies for the incovenience!
