Umbraco Cloud security update January 4th

Written by Kim Sneum Madsen

Thursday, January 4th an update was rolled out on Umbraco Cloud to ensure that sites remained secure. This happened earlier than we had communicated we would do so, as the update was pushed by Microsoft to the entire Azure platform on short notice.

Umbraco Cloud has been patched and your sites are protected

Originally we were planning to update Umbraco Cloud in two stages on January 7th and January 10th, which we have given notice about on the Umbraco Cloud statuspage (The information has since been removed as the maintenance has been cancelled). The updates fixed vulnerabilities referred to as “speculative execution side-channel attacks”, also known as Meltdown.

But as some of you might know, Microsoft unilaterally decided to start the updates on very short notice.

This meant that updates were deployed rapidly to Umbraco Cloud which resulted in some outages as well as features temporarily being unavailable during the day.

You can read more about the fix on the Azure blog where the acceleration of the planned maintenance is also described.

We always strive to inform well ahead of time about updates like these, but unfortunately, this update was pushed on very short notice, which meant we did not have time to inform you as early and accurately as we would have preferred.

We are sure you understand the reason and apologize for any inconvenience this may have caused.

If you are not on Umbraco Cloud

If you are not on Umbraco Cloud then your hosting provider is responsible for keeping your web server up to date, and is most likely already in the process of, or already done, updating your web server. Keep an eye on their media and if in doubt, reach out to them and ask them.

Also, if you have not already done so, remember to update your own machine as soon as possible.