Get Umbraco Certified in October

5 courses in 4 different countries across 2 continents leaves no excuse.

Attend courses in the Netherlands, UK, USA and at Umbraco HQ in Denmark.

See the schedule and read more about our training here.

28 votes

ASP.NET Security Vulnerability Patch

A security hole has been uncovered in the platform umbraco is based on (full details here: This means that your website can potentially be compromised. We therefore strongly recommend that you install this package to check if your site is open to the vulnerability and to apply the recommended workaround.

The package will check for the following vulnerability types:

  • customErrors element not found in web.config
  • mode attribute on customErrors element not found
  • mode attribute on customErrors element set to 'Off'
  • different error pages for different error codes
  • defaultRedirect attribute on customErrors element not found
  • defaultRedirect attribute on customErrors element not set

If a vulnerability has been detected the user can choose to perform the fix.

This package has been tested on

  • Umbraco v4.5.2 .net 4.0
  • Umbraco v4.5.2 .net 3.5
  • Umbraco v4.0.4.2 .net 2
  • Umbraco v4.0.4.2 .net 3.5


Version 1.1 of the package also updates the /config/404handlers.config and replaces the default 404 handler with one that always redirects to the custom error page. So after applying the patch it won't be possible to setup custom error pages in the /config/umbracoSettings.config.

If you already installed version 1 then it's possible to install the latest version again, this will then just update the /config/404handlers.config file.


If it's not possible to install the package or the package installation fails please follow the directions in the guide below to update your website or hand them to your IT department who can perform the upgrade as well.


 Download package
version 1.1

Project owner

Tim Geyssens

Tim Geyssens

Tim has 12373 karma points

Project Compatibility

This project is compatible with the following versions as reported by community members who have downloaded this package:
7.3.x (untested)
7.2.x (untested)
7.1.x (untested)
7.0.x (untested)
6.1.x (untested)
6.0.x (untested)
4.11.x (untested)
4.10.0 (untested)
4.9.1 (untested)
4.9.0 (untested)

You must login before you can report on package compatibility.

Project Information

  • Project owner: Tim Geyssens
  • Created: 20/09/2010
  • Current version 1.1
  • License MIT
  • Downloads: 19260 is the community mothership for Umbraco, the open source cms. With a friendly forum for all your questions, a comprehensive documentation and a ton of packages from the community. This site is running Umbraco version 7.3.0