At Gecko, we take website security very seriously. That's why we want to inform our valued customers who run their websites on Umbraco CMS about a security advisory issued by Umbraco.
Umbraco has recently released a medium-severity security advisory that affects versions 8, 10, and 11 of Umbraco CMS. The advisory states that there is a vulnerability in the Umbraco Core that could allow an attacker access to files. Umbraco versions affected are:
- Umbraco v8.2.0 - v8.18.6
Umbraco v10.0.0 - v10.4.1
Umbraco v11.0.0 - v11.2.1
Umbraco has released a security patch to address the issue on the latest minor version of each supported major version, which are; 8.18.x, 10.4.x, and 11.2.x. For many websites, this will require an upgrade to the latest relevant minor version before the patch can be applied.
If your website is running on any of the affected Umbraco versions, it is highly recommended that you take this security advisory seriously. Failure to apply the patch could leave your website vulnerable to attacks.
You can read the Umbraco security advisory in full on the Umbraco website.
We want to assure our customers that we take this security issue seriously and will be in touch with our customers who are affected by this security issue with the next steps. If you have any questions or concerns about this security advisory, please do not hesitate to contact us.