Tuesday, May 15, 2018

Umbraco Forms Security update

Who is affected?

If you are running Umbraco Forms version 4.4.0 or higher, you are affected. If you are running a version below 4.4.0 or any version of Umbraco Contour, you are not affected. We have previously reached out to everyone we know has Forms installed to give an early warning regarding this issue, but to be on the safe side, you should check which version of Forms you are running on all of your websites.

You can check your Forms version by logging in to the Backoffice and clicking on the Forms section; the Dashboard will show the current version number. (You can also check the version number in the file ~/App_Plugins/UmbracoForms/version)

If your Forms version number is 4.4.0 or higher you should upgrade as soon as possible.

How to upgrade

We have now released new versions of Forms 4.4, 6 and 7. To apply the fixes, you should first upgrade to the latest patch version, which makes the update as easy as possible.

These releases of Forms can be downloaded from Our Umbraco or from NuGet. The upgrade will require some dll-files to be replaced. Umbraco Cloud sites will be upgraded automatically.

  • If you are running Forms version 4.4.x, make sure to upgrade to 4.4.7
  • If you are running Forms version 6.0.x, make sure to upgrade to 6.0.8
  • If you are running Forms version 7.0.x, make sure to upgrade to 7.0.3

We strongly encourage you to upgrade immediately, since the severity of the vulnerability is critical.
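The version check and upgrade targets above, as an added PowerShell example (not Umbraco's own tooling): it scans a folder of sites for the Forms version file and reports the status of each install. The `C:\inetpub` root and the idea that the file holds a plain version string such as `4.4.5` are assumptions.

```powershell
# Added example, not Umbraco's own tooling.
# Assumption: the version file holds a plain dotted version such as "4.4.5".
$SitesRoot = 'C:\inetpub'   # hypothetical folder that contains your websites

# Fixed patch release per branch, as listed in this advisory.
$Fixed = @{
    '4.4' = [version]'4.4.7'
    '6.0' = [version]'6.0.8'
    '7.0' = [version]'7.0.3'
}
$FirstAffected = [version]'4.4.0'

function Get-FormsStatus {
    param([string]$VersionText)
    $parsed = $null
    if (-not [version]::TryParse($VersionText.Trim(), [ref]$parsed)) {
        return 'Unknown: unreadable version, check the Forms dashboard'
    }
    # Treat "4.4" as "4.4.0" so two-part versions compare correctly.
    $v = [version]('{0}.{1}.{2}' -f $parsed.Major, $parsed.Minor, [Math]::Max($parsed.Build, 0))
    if ($v -lt $FirstAffected) { return 'Not affected (below 4.4.0)' }
    $branch = '{0}.{1}' -f $v.Major, $v.Minor
    if (-not $Fixed.ContainsKey($branch)) {
        return 'Affected (4.4.0 or higher): no fixed release listed for this branch'
    }
    if ($v -ge $Fixed[$branch]) { return 'Fixed release installed' }
    return 'Affected: upgrade to {0}' -f $Fixed[$branch]
}

# Find every App_Plugins\UmbracoForms\version file below the sites root.
Get-ChildItem -Path $SitesRoot -Recurse -File -Filter 'version' -ErrorAction SilentlyContinue |
    Where-Object { $_.DirectoryName -like '*\App_Plugins\UmbracoForms' } |
    ForEach-Object {
        $text = Get-Content -LiteralPath $_.FullName -Raw
        [pscustomobject]@{
            Path    = $_.FullName
            Version = "$text".Trim()
            Status  = Get-FormsStatus $text
        }
    } | Format-Table -AutoSize -Wrap
```

Any install reported as Unknown should be confirmed on the Forms Dashboard in the Backoffice.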

Details

A remote code execution vulnerability exists in the core functionality of Umbraco Forms version 4.4.0+. This allows attackers to exploit an Umbraco site, which results in the site being compromised.

We will not reveal the exact nature of the vulnerability in order to make it possible for everybody to prepare and to patch their Forms installs.

We have no indication that this vulnerability is currently being exploited in the wild.

Questions

If you have any questions, please reach out to us and we’ll get back to you shortly.

- Umbraco HQ
