
Kentico Security Tip: How To Automatically Keep Your Site Secure With The Latest Security Hotfix

March 03, 2021




In this day and age of hackers and data breaches, it is critical for you to keep your site up to date with the latest security hotfixes. It is your job to keep your visitors' data secure (and your organization safe).

Kentico does a great job keeping its platform secure. If a security vulnerability is found, Kentico has always been great about releasing a fix very quickly. But just because the fix has been released, it does not mean your site is safe. You need to make sure the hotfix is applied to your site.

Kentico is also good at communicating when an important security hotfix is available. But maybe someone in your organization unsubscribed from that email list. Maybe that email is going to a person who doesn't work there anymore. Maybe that email is going to the original vendor that built your site, and you do not work with them anymore.

How To Know If You Need To Apply A Hotfix

If you want to see how to check your site for the latest hotfix version, [continue reading here].

The Latest Security Hotfixes

Here are some of the latest security hotfixes (at the time of writing this article, 11/3/2020):

  • 12.0.75 - Security - Important: Method used to resolve URLs was vulnerable to XSS

  • 12.0.60 - Security - Important: Administrators able to edit Global administrator users

  • 12.0.50 - Security - Important: Flawed MIME type validation for uploaded files

  • 12.0.48 - Security - Moderate: Virtual context URLs leak via the HTTP Referer header

  • 12.0.37 - Security - Important: Unrestricted file upload in MVC forms

  • 12.0.32 - Security - Moderate: User widget properties disclosing system object information

  • 12.0.15 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service

  • 11.0.48 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service

  • 10.0.52 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service

  • 9.0.51 - Security: Security improvements

  • 9.0.15 - Security: Users restored from the recycle bin with the Global administrator Privilege level
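
The comparison against the list above can be scripted. The following is an added example, not code from Kentico or from this article: it parses the advisory lines as listed here and reports which of those security hotfixes a given installed version is missing, most severe first. It assumes the caller supplies the installed version as major.minor.hotfix and that hotfixes are cumulative within a major.minor line; the function names are illustrative.

```python
import re

# Advisory lines copied from the list on this page (its data, as of its writing).
ADVISORIES = """\
12.0.75 - Security - Important: Method used to resolve URLs was vulnerable to XSS
12.0.60 - Security - Important: Administrators able to edit Global administrator users
12.0.50 - Security - Important: Flawed MIME type validation for uploaded files
12.0.48 - Security - Moderate: Virtual context URLs leak via the HTTP Referer header
12.0.37 - Security - Important: Unrestricted file upload in MVC forms
12.0.32 - Security - Moderate: User widget properties disclosing system object information
12.0.15 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service
11.0.48 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service
10.0.52 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service
9.0.51 - Security: Security improvements
9.0.15 - Security: Users restored from the recycle bin with the Global administrator Privilege level
"""
SEVERITY_RANK = {"Unrated": 0, "Moderate": 1, "Important": 2, "Critical": 3}
LINE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+) - Security(?: - (\w+))?: (.+)$")
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

def parse_advisories(text):
    """Turn each advisory line into ((major, minor, hotfix), severity, summary)."""
    parsed = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # entries without a rating ("Security: ...") become "Unrated"
            version = tuple(int(p) for p in m.group(1, 2, 3))
            parsed.append((version, m.group(4) or "Unrated", m.group(5)))
    return parsed

def missing_security_hotfixes(installed):
    """Listed fixes newer than `installed` on the same major.minor line, worst first."""
    m = VERSION_RE.match(installed.strip())
    if not m:
        raise ValueError(f"expected major.minor.hotfix, got {installed!r}")
    current = tuple(int(p) for p in m.groups())
    # Assumption: hotfixes are cumulative, so build N includes every fix numbered <= N.
    missing = [a for a in parse_advisories(ADVISORIES) if a[0][:2] == current[:2] and a[0] > current]
    return sorted(missing, key=lambda a: (-SEVERITY_RANK.get(a[1], 0), a[0]))

def worst_severity(installed):
    """Highest severity among the missing fixes, or None when none are missing."""
    missing = missing_security_hotfixes(installed)
    return missing[0][1] if missing else None

if __name__ == "__main__":
    for build in ("12.0.29", "12.0.75", "11.0.10"):  # constructed sample versions
        print(build, "->", worst_severity(build) or "no listed fix missing")
```

A result of "no listed fix missing" only means the version is at or past the newest entry in this list, which reflects the date the article was written.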

If you are interested in having this automatically checked for you every day, along with 100+ other checks, then you might be interested in a FREE Trial of Constant Care for Kentico.

This post originally appeared on LinkedIn; see it here.
