The official profile for Umbraco - The Friendly OpenSource ASP.NET CMS. Managed by Umbraco HQ.
Umbraco has released patches for versions 10.0.0-10.8.8, 13.0.0-13.7.0, 14.0.0-14.3.2, and 15.0.0-15.2.2 to address high-severity vulnerabilities related to the ImageSharp dependency. Users are advised to update to the latest minor versions for optimal security.
Umbraco versions 10.0.0-10.8.7, 13.0.0-13.5.2, and 14.0.0-15.1.1 have moderate-severity vulnerabilities, while Umbraco 8 and below are unaffected. Patches are available for the latest minor versions, and Umbraco Cloud sites will receive automatic updates. Vulnerabilities include XSS and user enumeration issues.
Umbraco versions 8.0.0 to 14.3.0 are affected by various medium-severity vulnerabilities, and users need to upgrade to the latest minor versions to receive the patches. The vulnerabilities include stored XSS and potential code execution risks; exploitation requires authenticated access. Users are encouraged to enable automatic minor upgrades for enhanced security.