We've just released version 4.11.8 and 6.0.5. The only changes from their previous versions is the security fixes, so it's a safe upgrade. Head on out to CodePlex or NuGet to get them."
In other words the security issues have been fixed in 4.11.8 and 6.0.5, which is why the file is back again.
Perhaps it's just me, but the blog post was rather ambiguous. Firstly, it mentioned two additional vulnerabilities. The inference seems to be that the patch is for just those two. To further muddy the waters, it states "recommendation is still: delete umbraco.webservices.dll". It's not clear whether this pertains only to version 4.5.0 or also to the latest versions.
Can you confirm that umbraco.webservices.dll has been fixed?
The webservices assembly has indeed been fixed in 4.11.8 and 6.0.5. However, it's likely that we'll stop including it in future versions as it's a different programming model and has limited usage.
Should "umbraco.webservices.dll" be included in v6.0.5?
I was a bit surprised to find "umbraco.webservices.dll" in v.6.0.5.
Is it fixed or should it not have been included in 6.0.5?
Can anyone give me a link to a page that explains exactly what umbraco.webservices.dll been neded for?
This might help: http://umbraco.com/follow-us/blog-archive/2013/5/1/security-update-two-major-vulnerabilities-found.aspx Charlie :)
Hi Arie
This is a quote from the blogpost about the two secutiry issues, which you can read here: http://umbraco.com/follow-us.aspx
"Upgrading
We've just released version 4.11.8 and 6.0.5. The only changes from their previous versions is the security fixes, so it's a safe upgrade. Head on out to CodePlex or NuGet to get them."
In other words the security issues have been fixed in 4.11.8 and 6.0.5, which is why the file is back again.
Hope this helps.
Oops, too slow apparently :)
Hi Jan,
Perhaps it's just me, but the blog post was rather ambiguous. Firstly, it mentioned two additional vulnerabilities. The inference seems to be that the patch is for just those two. To further muddy the waters, it states "recommendation is still: delete umbraco.webservices.dll". It's not clear whether this pertains only to version 4.5.0 or also to the latest versions.
Can you confirm that umbraco.webservices.dll has been fixed?
The webservices assembly has indeed been fixed in 4.11.8 and 6.0.5. However, it's likely that we'll stop including it in future versions as it's a different programming model and has limited usage.
is working on a reply...