Book a discovery call
Book a discovery call
Menu
Umbraco Sticker On Lock (1)

How to get informed on security matters

Stay on top of Umbraco Security Advisories

At Umbraco, we take security matters seriously and do our best to provide the best possible amount of information with the right timing for any security-related matters. 

When we have security-related announcements we believe you need to be explicitly aware of, we announce them in the following ways:

Security Advisory: heads-up

When we have been made aware of a severe security issue and have found a fix, we start by giving you a heads-up a few days before releasing the fix. This is to ensure you have the right people ready to implement the fix on the day it gets released. The heads-up communication includes:

  • A Security Advisory heads-up post on the Umbraco blog. This post will not reveal any details of the issue but might give you information about which versions/products are affected. This is to ensure that the vulnerability does not get exploited before you have the chance to upgrade and fix. 

  • We share this Security Advisory heads-up post on Twitter @umbracoproject.

  • An email will go out linking to the Security Advisory heads-up blog post to all our subscribers of our main mailing list and the dedicated Security mailing list. You can subscribe to the main Umbraco email list by filling out your details in the "Want to be updated on everything Umbraco?" form at the bottom of this page. ​

  • Umbraco Cloud: All Umbraco Cloud projects automatically gets the security patch the day of release. All "Technical Contacts" of any Umbraco Cloud project will also get an email sent directly to them linking to the Security Advisory head-up blog post, so you're aware that a security patch will be rolled out. If you haven’t updated your technical contact on your Umbraco Cloud projects you can do so in your project settings, once you've logged into the Umbraco Cloud Portal, under the menu “Edit team”.


Security Advisory: fix released 

On the day we publish a patch or manual workaround for the security issue, following communication will happen:

  • On the Umbraco blog we will post a Security Advisory, guiding you on how to fix the vulnerability and provide you with other related information that we are able to share. 

  • We share this Security Advisory post on Twitter @umbracoproject. This is our dedicated Twitter account for tech/dev information; releases, security patches, RFCs etc. 

  • A separate email will also go out linking to the Security Advisory post to all our subscribers of our main mailing list and the dedicated Security mailing list. You can subscribe to the main Umbraco email list by filling out your details in the "Want to be updated on everything Umbraco?" form at the bottom of this page. ​

  • Umbraco Cloud; All Umbraco Cloud project automatically gets the security patch the day of release. All "Technical Contacts" of any Umbraco Cloud project will also get an email sent directly to them linking to the Security Advisory blog post. If you haven’t updated your technical contact on your Umbraco Cloud projects you can do so in your project settings, once you've logged into the Umbraco Cloud Portal, under the menu “Edit team”.

Previous Security Advisories 

If you want to know how our security advisories look and/or want to know which ones we've published in the past, go to History of Umbraco Security Advisories 

Loved by developers, used by thousands around the world!

One of the biggest benefits of using Umbraco is that we have the friendliest Open Source community on this planet. A community that's incredibly pro-active, extremely talented and helpful.

If you get an idea for something you would like to build in Umbraco, chances are that someone has already built it. And if you have a question, are looking for documentation or need friendly advice, go ahead and ask the Umbraco community on Our.

Want to be updated on everything Umbraco?

Sign up for the Umbraco newsletter and get the latest news and special offers sent directly to your inbox