Umbraco

🚨 [Updated] Security Advisory, April 8 , 2025 - Patches for Umbraco CMS are now available

The severity of the vulnerability previously announced has been re-evaluated and upgraded from moderate to high. The patch released on April 8, 2025, still fully resolves the issue.

📰 Security Advisory, April 8 , 2025 - Patches for Umbraco CMS are now available

Umbraco has identified a security vulnerability affecting versions 14.0.0 - 14.3.3 and 15.0.0 - 15.3.0, allowing backoffice users to exploit API requests. Patches are now available, and Umbraco Cloud will automatically apply fixes. Users are advised to upgrade to the latest minor versions for optimal security.

🚨 Security Advisory, March 11 , 2025 - Patches for Umbraco CMS are now available

Umbraco has released patches for versions 10.0.0 - 10.8.8 and 13.0.0 - 13.7.0, as well as 14.0.0 - 14.3.2 and 15.0.0 - 15.2.2, to address high-severity vulnerabilities related to the ImageSharp dependency. Users are advised to update to the latest minor versions for optimal security.

💬 Umbraco CMS patches available for two moderate-severity security vulnerabilities

📰 Security Advisory, January 21, 2025 - Patches for Umbraco CMS are now available

Umbraco versions 10.0.0-10.8.7, 13.0.0-13.5.2, and 14.0.0-15.1.1 have moderate-severity vulnerabilities, while Umbraco 8 and below are unaffected. Patches are available for the latest minor versions, and Umbraco Cloud sites will receive automatic updates. Vulnerabilities include XSS and user enumeration issues.

📰 Security Advisory, October 22, 2024 - Patches for Umbraco CMS are now available

Umbraco versions 8.0.0 to 14.3.0 are affected by various medium-severity vulnerabilities, requiring users to upgrade to the latest minor versions for patches. Vulnerabilities include stored XSS and potential code execution risks, necessitating authenticated access for exploitation. Users are encouraged to enable automatic minor upgrades for enhanced security.