Monday, December 16, 2019
On 10 December 2019, the Umbraco HQ reported the discovery of a security vulnerability on its official blog, which was immediately fixed. Find out in this article how you can find out whether your Umbraco project is affected.
Let’s start with the good news: the vulnerability was classified as “not serious”. The third-party plugin used in Umbraco 7 was vulnerable to data exposure. A patch for affected versions was made available right after the vulnerability was discovered. It affects Umbraco versions 7.0 to 7.14. If you are a user of one of these versions, we recommend patching your website immediately. However, users of the Umbraco cloud service do not have to do anything, as the patch has already been deployed by the Umbraco HQ. Projects that run on Umbraco 7.15 or Version 8 are not affected by this vulnerability. For more information and the link to your patch, see Umbraco’s detailed report.