Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Mike Masey 39 posts 253 karma points MVP 5x c-trib
    May 26, 2017 @ 08:31
    Mike Masey
    0

    Does anyone know if the issues raised in this post from 2014 are still relevant for Umbraco 7?

    https://umbraco.com/blog/security-issues-found-in-umbraco-4-6-and-7/

    If there are any core team reading this, would you be able to update it to clarify whether any action is required for the newer versions of Umbraco.

    Thanks in advance, H5YR!

  • Sebastiaan Janssen 5044 posts 15475 karma points MVP admin hq
    May 26, 2017 @ 12:00
    Sebastiaan Janssen
    100

    Thanks, I've updated the notes here to indicate that both issues were fixed for the next releases (6.2.2 and 7.1.7 respectively) so new releases since that blog post would not be affected by this issue. We would never release a new version with known security issues in it.

    For proxy.htm it is important that you do check if the content is the same as in the github commit that's mentioned in the blog post, if an upgrade did not replace this file you might still be vulnerable. The booting.aspx issue was fixed in a dll so that should be up-to-date already else you would be seeing errors all over the place.

  • Mike Masey 39 posts 253 karma points MVP 5x c-trib
    May 26, 2017 @ 12:48
    Mike Masey
    0

    Brilliant, thanks a lot for the update Seb.

Please Sign in or register to post replies

Write your reply to:

Draft