Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
Hey guys,
Somebody pointed out a security issue on one of our websites running umbraco v 4.7.0 (Assembly version: 1.0.4868.25116)
Link to the exploit http://www.exploit-db.com/exploits/19671/
Are you aware of this issue. Has it been patched?
Is this the same vulnerability as listed here or is this a different one?
I've sorted this out with Sebastiaan. If you have any concerns please contact [email protected].
We have now issued a patch release for this issue as I failed to see the full impact back then, sorry for the delay! http://umbraco.com/follow-us/blog-archive/2014/5/20/major-vulnerability-in-umbraco-450-through-470-fixed.aspx
Hey Sebastiaan...is it correct that 4.7.1 and 4.7.2 are NOT affected by this?
Cheers, Jan
@Jan Quote:
A few years ago we fixed a security issue in Umbraco 4.7.1 which we weren't aware could have more impact then we thought at the time.
So yes, correct... we fixed it in 4.7.1, but not for earlier versions. Else there would've been patches for other versions as well.
Thanks, thought so but just had to be 100% sure - And seems I missed the highligthed part when I read the blogpost :)
XOXO Jan
is working on a reply...
Write your reply to:
Upload image
Image will be uploaded when post is submitted
Security issue v4.7
Hey guys,
Somebody pointed out a security issue on one of our websites running umbraco v 4.7.0 (Assembly version: 1.0.4868.25116)
Link to the exploit http://www.exploit-db.com/exploits/19671/
Are you aware of this issue. Has it been patched?
Is this the same vulnerability as listed here or is this a different one?
I've sorted this out with Sebastiaan. If you have any concerns please contact [email protected].
We have now issued a patch release for this issue as I failed to see the full impact back then, sorry for the delay! http://umbraco.com/follow-us/blog-archive/2014/5/20/major-vulnerability-in-umbraco-450-through-470-fixed.aspx
Hey Sebastiaan...is it correct that 4.7.1 and 4.7.2 are NOT affected by this?
Cheers, Jan
@Jan Quote:
So yes, correct... we fixed it in 4.7.1, but not for earlier versions. Else there would've been patches for other versions as well.
Thanks, thought so but just had to be 100% sure - And seems I missed the highligthed part when I read the blogpost :)
XOXO Jan
is working on a reply...