x First time here? Check out the FAQ

Come work for Umbraco - The Umbraco HQ are hiring Project managers, .NET developers and DevOps people!

Tim Geyssens started this project on Monday, September 20, 2010 it's current version is 1.1 .

Package Info

Project Owner/Creator

Avatar

Tim Geyssens

5096posts 10379karma

Project Compatibility

No compatible versions have been reported, be the first!

View Details Report Compatibility

Project Information

Project owner:
Tim Geyssens
Contributors:
Per Ploug  Paul Sterling 
Created:
Monday, September 20, 2010
Is Stable:
Project is stable
Current version
1.1
License
MIT
Tags
security  patch 
Downloads:
12021

ASP.NET Security Vulnerability Patch

A security hole has been uncovered in the platform umbraco is based on (full details here: weblogs.asp.net/.../...security-vulnerability.aspx). This means that your website can potentially be compromised. We therefore strongly recommend that you install this package to check if your site is open to the vulnerability and to apply the recommended workaround.

The package will check for the following vulnerability types:

  • customErrors element not found in web.config
  • mode attribute on customErrors element not found
  • mode attribute on customErrors element set to 'Off'
  • different error pages for different error codes
  • defaultRedirect attribute on customErrors element not found
  • defaultRedirect attribute on customErrors element not set

If a vulnerability has been detected the user can choose to perform the fix.

This package has been tested on

  • Umbraco v4.5.2 .net 4.0
  • Umbraco v4.5.2 .net 3.5
  • Umbraco v4.0.4.2 .net 2
  • Umbraco v4.0.4.2 .net 3.5

--------------------------------------------------------------------------------------------------------------------------------------------

Version 1.1 of the package also updates the /config/404handlers.config and replaces the default 404 handler with one that always redirects to the custom error page. So after applying the patch it won't be possible to setup custom error pages in the /config/umbracoSettings.config.

If you already installed version 1 then it's possible to install the latest version again, this will then just update the /config/404handlers.config file.

--------------------------------------------------------------------------------------------------------------------------------------------

If it's not possible to install the package or the package installation fails please follow the directions in the guide below to update your website or hand them to your IT department who can perform the upgrade as well.

Screenshots

Package Files

Source Code

Documentation

Resources

Archived Files