x First time here? Check out the FAQ
Tim Geyssens started this project on Monday, September 20, 2010 it's current version is 1.1 .

Package Info

Project Owner/Creator


Tim Geyssens

5503posts 11416karma

Project Compatibility

No compatible versions have been reported, be the first!

View Details Report Compatibility

Project Information

Project owner:
Tim Geyssens
Per Ploug  Paul Sterling 
Monday, September 20, 2010
Is Stable:
Project is stable
Current version
security  patch 

ASP.NET Security Vulnerability Patch

A security hole has been uncovered in the platform umbraco is based on (full details here: weblogs.asp.net/.../...security-vulnerability.aspx). This means that your website can potentially be compromised. We therefore strongly recommend that you install this package to check if your site is open to the vulnerability and to apply the recommended workaround.

The package will check for the following vulnerability types:

  • customErrors element not found in web.config
  • mode attribute on customErrors element not found
  • mode attribute on customErrors element set to 'Off'
  • different error pages for different error codes
  • defaultRedirect attribute on customErrors element not found
  • defaultRedirect attribute on customErrors element not set

If a vulnerability has been detected the user can choose to perform the fix.

This package has been tested on

  • Umbraco v4.5.2 .net 4.0
  • Umbraco v4.5.2 .net 3.5
  • Umbraco v4.0.4.2 .net 2
  • Umbraco v4.0.4.2 .net 3.5


Version 1.1 of the package also updates the /config/404handlers.config and replaces the default 404 handler with one that always redirects to the custom error page. So after applying the patch it won't be possible to setup custom error pages in the /config/umbracoSettings.config.

If you already installed version 1 then it's possible to install the latest version again, this will then just update the /config/404handlers.config file.


If it's not possible to install the package or the package installation fails please follow the directions in the guide below to update your website or hand them to your IT department who can perform the upgrade as well.


Package Files

Source Code



Archived Files