We’ve just recieved this from the Umbraco team:
During one of our regular security audits of the core, a severe security vulnerability was found in the integration web services of Umbraco and we recommend everyone to take immediate action to prevent any exploit.
More details will come in a few weeks when people have had a chance to update their installations, but for now we ask you to remove the following file from all your Umbraco installations:
/bin/umbraco.webservices.dllThe security vulnerability affects all versions of Umbraco.
This will not affect the daily use of your Umbraco installation. It *might* affect integration with your Umbraco installation, but less than 1% use the integration web services. For those who do use the integration web services we recommend that you get in touch with sebastiaan@umbraco.com.
We’re sorry for the inconvenience.
Best
Niels Hartvig on behalf of the hard working core team.
We are going to remove this file from all the Umbraco installations we are hosting. If you’re using this file to integrate your website with another system, please contact us to arrange for the file to be restored (with the knowledge that it imposes a security risk for your site!).
Share
APR
2013
About the Author:
Juri er en af de tre stiftere i Fab:IT. Han har beskæftiget sig med computere siden 1990, Linux siden 1998 og startede sin første virksomhed i 1999.