June 2025 Security Advisory, DevRel Deep Dive Launches, UMBRAAD 2025 videos now online and much more...

Sign Up | View Online | Previous Editions

UMB.FYI 2025-06-04

Poll

How do you consume the UMB.FYI newsletter?

[ ✉️ Email ] [ 🌐 Website ] [ 💬 Social Media ]

Umbraco HQ

Security Advisory, June 3, 2025: Security Patch is now available

Umbraco CMS 15 has a moderate security vulnerability allowing unauthorized file uploads by bypassing configured extensions. Patches for affected versions (15.0.0 - 15.4.1) are now available, with automatic updates for Umbraco Cloud. João Mendes from Devoteam Cyber Trust reported the issue, which has not been exploited prior to this disclosure.

[ ] [ #security ]

uProfile May 2025 - Cherie Gregory

Cherie Gregory, CEO of Koben Digital, has been a key figure in the Umbraco Community for 20 years. From her early involvement with Umbraco HQ to founding her agency and organizing the Umbraco Down Under Festival, Cherie emphasizes community engagement and authenticity. She aims to expand her business while continuing to support the Umbraco community.

[ ] [ #uprofile ]

Community

Skrift Issue #117

Featuring guest posts by Jen Wolke on "Is it Content?" and Janae Cram on "How to Set up Cultiv.Hangfire with AppSettings Configuration"

[ ]

How to fix: "Umbraco.Templates could not be installed, the package does not exist"

Owain Jones shares their experience setting up a new laptop and configuring a development environment. He encountered an error when trying to install the Umbraco.Templates package, which stemmed from not having nuget.org set as a source. After adding it, the issue was resolved, prompting the author to document the solution for others.

Part 1 : Enabling SAML Single Sign-On for Umbraco Backoffice with PingID Integration

In this guide, Nijas Hameed outlines the steps to enable SAML Single Sign-On for Umbraco Backoffice using PingID. Key prerequisites include a PingID account and the AspNetSaml NuGet package. The configuration involves adding an application in Ping Identity, setting up SAML parameters, and mapping user attributes for successful integration.

[ #authentication ]

Part 2 : Enabling SAML Single Sign-On for Umbraco Backoffice with PingID Integration

Nijas Hameed outlines the configuration of PingID SAML authentication in Umbraco, detailing steps such as setting up SAML settings in appsettings.json, creating a strongly-typed configuration class, registering services, and implementing login and response handling controllers. It emphasizes the importance of HTTPS and validates SAML responses for user authentication.

[ #authentication ]

Umbraco 14 End of Life

In the transition to Umbraco 14, the introduction of the new Backoffice and Umbraco.UI marked a significant overhaul from the outdated AngularJS codebase. The upgrade process was complex, particularly for custom extensions, but with community support and evolving documentation, the author successfully rebuilt essential packages for the new system.

[ #upgrades ]

How to Create a Website in Umbraco the easy way | ByteEditor

Umbraco website builders, like ByteEditor, offer a user-friendly, drag-and-drop platform for creating websites without extensive coding knowledge. They leverage Umbraco's robust CMS capabilities, enabling users to design, customize, and publish professional sites quickly and cost-effectively. This approach combines ease of use with powerful features, making website creation accessible to all.

Watch & Listen

umbraCoffee - May Security Advisory, Umbraco 16 RCs, Events and more!

The May episode of umbraCoffee covers Umbraco 16 RCs, a security advisory urging users to upgrade older versions, new features like protected properties and segmentation, team updates, event highlights, sustainability efforts, documentation improvements, and a new content audit dashboard.

[ ] [ #umbracoffee ]

DevRel Deep Dive: Rollback Previewer

Sebastian and Lottie introduce "DevRel Deep Dive," a new video series exploring recent Umbraco developments. The first episode showcases the Umbraco Rollback Previewer package, enhancing content rollback by replacing raw JSON with user-friendly visual comparisons. Created by Richard Ockerby and Mike Masey, the tool emerged from a hackathon and is now publicly available.

[ #devreldeepdives ]

DevRel Deep Dive: Content Lock

Sebastiaan and Lottie explore Content Lock, an open-source Umbraco package by Warren Buckley that prevents accidental edits through real-time content locking, enhancing team collaboration. It includes configurable options and uses SignalR with IOptionsMonitor for real-time updates.

[ #devreldeepdives ]

UMBRAAD 2025

Recordings for the UMBRAAD 2025 online accessibility event are now available for you to watch. Topics include a fireside chat about Accessibility From The Top Down, Making Accessibility a Team Sport, The Practical Web Accessibility Playbook and much more.

[ #accessibility ] [ #umbraad ]

Packages

Reflections.Umbraco15.StarterKit

Reflections StarterKit for Umbraco 15

[ #starterkits ]

Social

Sign up for Umbraco security advisory notifications

[ #security ]

Release Candidate 4 for Umbraco 16 is out now

[ ] [ #umbracocms ]

Umbraco Launches DevRel Deep Dives

[ ]

Using AI to convert Umbraco Articulate from v13 to v15

[ #packagedev ]

Umbraco Clean Starter Kit Template for Umbraco v16-RC4 now available

[ ] [ #starterkits ]

Umbraco Clean Starter Kit available as NuGet Package and NuGet Template

[ ] [ #starterkits ]

---
UMB.FYI, Unit 128100, PO Box 4336, Manchester, M61 0BW