Umbraco HQ announced a high-severity security issue affecting versions of Umbraco from Umbraco 10 to Umbraco 12.  All customers are advised to have their sites updated with the available patches.  Umbraco Cloud hosted sites are not affected.

It's also possible that Umbraco 9 is also affected, however there will be no patch due to Umbraco 9 being out of support.  It's recommended to upgrade sites running on Umbraco 9 to at least the latest Umbraco 10 LTS version.

We do know that sites running on Umbraco Cloud are not affected; we also know that the exploit can be mitigated by ensuring Automatic Upgrades is enabled.

Key Facts

  • All sites using the Unattended Install feature are not subject to the vulnerability.
  • Umbraco Cloud are not affected by the vulnerability, but will be upgraded regardless by Umbraco.
  • Sites running Umbraco 9 are very likely to be affected by the vulnerability, but will not receive a fix as it's out of support.

Details on the vulnerability and how to upgrade can be found on Umbraco HQ's blog here: Umbraco Security Advisory, July 13, 2023.

If you would like support or assistance in upgrading your site reach out to us and we'll be glad to help.

Robert Foster Robert Foster By Robert Foster

Share this article... Twitter Facebook LinkedIn
Interested in keeping your Umbraco investment up to date?  Have a look at our support options and contact us today.

Keep Reading