Security hole found in Umbracos webservice

We’ve just recieved this from the Umbraco team:

During one of our regular security audits of the core, a severe security vulnerability was found in the integration web services of Umbraco and we recommend everyone to take immediate action to prevent any exploit.

More details will come in a few weeks when people have had a chance to update their installations, but for now we ask you to remove the following file from all your Umbraco installations:
/bin/umbraco.webservices.dll

The security vulnerability affects all versions of Umbraco.

This will not affect the daily use of your Umbraco installation. It *might* affect integration with your Umbraco installation, but less than 1% use the integration web services. For those who do use the integration web services we recommend that you get in touch with sebastiaan@umbraco.com.

We’re sorry for the inconvenience.

Best
Niels Hartvig on behalf of the hard working core team.

We are going to remove this file from all the Umbraco installations we are hosting. If you’re using this file to integrate your website with another system, please contact us to arrange for the file to be restored (with the knowledge that it imposes a security risk for your site!).

 

0
  Relaterede indlæg
  • No related posts found.

Add a Comment