Open source cms Umbraco wants to patch serious vulnerability on September 20

Spread the love

The team behind Umbraco, an open source content management system that leverages Asp.net, warns of a serious vulnerability that it plans to patch on September 20. It does not provide details about the leak.

In a warning, the team writes that it is a new vulnerability, the details of which are not yet public. There would be no indications that the leak is being exploited. The leak makes it possible to view protected data or private information on a vulnerable site. The team plans to release a patch on September 20 at 07:00 UTC, or 09:00 local time. The process to apply the patch takes very little time, according to the warning. Due to the severity of the leak, the team is not releasing any further details.

Versions 4.11.9 through 4.11.10 of the cms are vulnerable, as are versions 6.0.6 through 6.2.6 and 7.0.0 through 7.12.2. Customers using Umbraco Cloud do not need to take any action and will receive the patch automatically. The team says that upgrades from versions 7.10, 7.11 and 7.12 will be done normally, and users with versions earlier than 7.10 will have to manually make changes to their site.

Umbraco is open source and it is reported on GitHub that the cms is used by more than 440,000 websites, including Heinz, Amazon and Microsoft.

You might also like