Umbraco HQ announced a medium-severity security issue affecting versions of Umbraco from Umbraco 8 to Umbraco 11, including the now out of support Umbraco 9.  All customers are advised to have their sites updated with the available patches.

 

Updated 29 March 2023: Umbraco have announced an additional patch release due to another vulnerability found.  The level of impact has not changed however.

 

As per common practice, details of the exploit have not been released, however we do know that Umbraco 7 is not affected by this vulnerability.  We also know that the exploit only applies once you've logged in and have access to the Umbraco backoffice (the content editing and configuration environment for the site hosted on Umbraco).

Key Facts

  • Umbraco 7 is not affected
  • Umbraco 9 is affected, however there is no patch available.  If your site is running on Umbraco 9, it's recommended to upgrade to the latest Long Term Support (LTS) version - currently Umbraco 10.
  • This exploit only affects the site when someone is logged in and has access to the Umbraco backoffice.
  • Umbraco Cloud hosted sites will have already been patched by Umbraco HQ by now

If your site is running on Umbraco Cloud you should still have someone review your sites and ensure that the upgrade has been successfully completed.

Details on the vulnerability and how to upgrade can be found on Umbraco HQ's blog here: Security Advisory, March 21, 2023: Patch is now available (umbraco.com).

If you would like support or assistance in upgrading your site reach out to us and we'll be glad to help.

Talk to us about an upgrade today   View our Support packages  
Share this article... Twitter Facebook LinkedIn

Keep Reading

Guest Article: Codegarden '24 Review with Ben Tudball

Guest Article: Codegarden '24 Review with Ben Tudball

In the months leading up to the Codegarden '24 conference, the Umbraco Meetup groups in Australia ran a competition to send one lucky winner on an all-expenses paid trip to Odense, Denmark for the conference in June. This is Ben's story.

Robert Foster Robert Foster Robert Foster
Umbraco Security Advisory 12 December 2023 announced

Umbraco Security Advisory 12 December 2023 announced

Umbraco HQ announced a high-severity security issue affecting versions of Umbraco from Umbraco 8 through to Umbraco 12.  All customers are advised to have their sites updated with the available patches.  Umbraco Cloud hosted sites are affected but will get patched automatically.

Robert Foster Robert Foster Robert Foster
Unlocking Success with User Experience (UX) Best Practices

Unlocking Success with User Experience (UX) Best Practices

User Experience (UX) has become an integral part of building successful digital products and services. In today's competitive landscape, businesses need to prioritise the needs and expectations of their users to deliver delightful experiences. This blog post explores the significance of UX, its benefits, and highlights some of the best practices to ensure exceptional user experiences.

Chris Gregson Chris Gregson Chris Gregson
.NET Maui for cross-platform apps

.NET Maui for cross-platform apps

MAUI is a popular open-source community-driven project. The platform has many contributions from both Microsoft and open-source developers alike, ensuring that any bugs and new features are thoroughly tested and rapidly deployed to the general community.

UX and SEO: Uniting Forces for a Winning Online Strategy

UX and SEO: Uniting Forces for a Winning Online Strategy

UX and SEO, once considered rivals, now dance together in harmony. User Experience (UX) aims to delight visitors, while Search Engine Optimisation (SEO) aims to gain visibility. Finding the right balance between the two has been challenging for marketers and UX designers, but the key lies in integrating these practices from the beginning. In this article, we'll explore how UX and SEO complement each other, their occasional conflicts, and how to find common ground to create solid digital experiences.

Chris Gregson Chris Gregson Chris Gregson