14 DAY TRIAL // A few days ago, the developers of the Umbraco content management system (CMS) platform advised users to take immediate action to prevent the exploitation of a serious vulnerability in the integration web services.
On Wednesday, Umbraco sent out another alert, notifying users of two additional major vulnerabilities.
“In parallel with the earlier security alert, we’ve been going through every method in Umbraco that deals with external requests. Based on this analysis, we’ve found two additional vulnerabilities and therefore we strongly recommend that you update your installation(s),” Niels Hartvig, the founder of Umbraco, wrote in a blog post.
To make it easier for users, patched versions have been developed for all Umbraco releases from the past 3 years.
“We know this is frustrating as you’ve probably already spent time this week updating your installations. We hope you understand that we took this double approach with delete first, patch secondly to ensure that your Umbraco installation would be as secure as possible in the quickest possible way,” Hartvig added.
The latest versions of Umbraco are available for download here.
If you want to fix an older version, you can find all the patches on Umbraco’s blog.