List of security contributors

Thank you and H5YR for making Umbraco safer 🙌

We regularly get reports about security issues in Umbraco and appreciate those very much, we'd like to thank the following people for their amazing efforts in making Umbraco more secure:

• João Mendes - Devoteam Cyber Trust, Portugal

• Arne Hildrum - NTNU university Gjøvik

• Kristian Eriksen - NTNU university Gjøvik

• Erik Hansen-Tangen Breien - NTNU university Gjøvik

• Ahmed Hazem - Cyshield

• Ivan Valadares

• Pratik Patil - NetSPI

• Kira

• Michal Biesiada

• Tarik Essadki

• Duong Phamm

• David Armitage - Recsite Design

• David Taylor - Core Vision

• Bogdan Kosarevskyi, Andrey Karandashov, and Dmytro Minaev - UKAD

• Marcin Węgłowski and Mariusz Popławski - AFINE Team

• Jeffrey Schoemaker - Perplex Internetmarketing

• Kai Stimpson - Perspective Risk Ltd

• Josh Grossman - Comsec Global Consulting

• Steve Smith - BMT Group Ltd

• Martial Puygrenier - NES Cyber Security Experts

• Christian Bruun

• Frederik Raabye - Dubex A/S

• Grégory Draperi

• Ronald Barendse - Panorama Studios

• Steven Harland - Quorum Cyber

• Boik Su 

• Abhishek Karle

• Jonathan Yarema – Trustwave

• Shofe Miraz - CyberCX

• Christoph Kim - Born Digital

• Gary O’Leary-Steele - AppCheck Ltd

• Hesham Mahmoud

• Pontus Andersson

• Raphael Silva - checkmarx

• Patrik Jezierski - QESTIT

• Joshua Nibbs - Aura Information Security

• Bram Heijmink - Proud Nerds

• Kaushik M Babu

And thanks to the following people for pointing out configuration errors on some of our own properties:

• Shwetabh Suman

• Srishail Racharla

• Vasim Shaikh

• Suyog Palav

• Pal Patel

• Md. Nur A Alam Dipu

• Sameer Phad

• Danish Tariq

• Mustafa Diaa

• Ketan Madhukar Mukane

• Hafiz Muhammad Farhan

• Umar Ahmed 

• Anurag Muley

• Yash Agarwal

• Vivek Panday

• Hemant Patidar

• Akhil Sabu

• Hitesh Paliya

• Irshad Ahamed

• Gourab Sadhukhan

• Subhamoy Guha

• Badal Sardhara

• Adrian Gigliotti

• Qazi Abdullah Alam

• Prathamesh Surekha Prakash Pawar

• Tameem Khalid

• Deepak Dhiman

External companies reporting and supporting us in fixing security issues:

• SEC Consult Unternehmensberatung GmbH.

• KraftWerk technologies GmbH 

• Tenable - view report

  • Conclusion: All reported issues are identified as medium risk without any identified exploitations and have been resolved in collaboration with the reporter.

Note: we include only people in this list who bring us actionable items. Sending us results of automated scans is usually not helpful and won't automatically qualify you for a credit. Additionally, we only credit the first person who points out a problem that we can fix. Consecutive reports of the same issue will not be credited. if you want to know how best to report a security vulnerability in Umbraco, please follow the official guideline.