Kentico Security Tip: How To Automatically Keep Your Site Secure With The Latest Security Hotfix
March 03, 2021
In this day and age of hackers and data breaches, it is critical for you to keep your site up to date with the latest security hotfixes. It is your job to keep your visitors' data secure (and your organization safe).
Kentico does a great job keeping its platform secure. If a security vulnerability is found, Kentico has always been great about releasing a fix very quickly. But just because the fix has been released, it does not mean your site is safe. You need to make sure the hotfix is applied to your site.
Kentico is also good at communicating when an important security hotfix is available. But maybe someone in your organization unsubscribed from that email list. Maybe that email is going to a person who doesn't work there anymore. Maybe that email is going to the original vendor that built your site, and you do not work with them anymore.
How To Know If You Need To Apply A Hotfix
If you want to see how to check your site for the latest hotfix version [continue reading here]
The Latest Security Hotfixes
Here are some of the latest security hotfixes (at the time of writing this article, 11/3/2020):
12.0.75 - Security - Important: Method used to resolve URLs was vulnerable to XSS
12.0.60 - Security - Important: Administrators able to edit Global administrator users
12.0.50 - Security - Important: Flawed MIME type validation for uploaded files
12.0.48 - Security - Moderate: Virtual context URLs leak via the HTTP Referer header
12.0.37 - Security - Important: Unrestricted file upload in MVC forms
12.0.32 - Security - Moderate: User widget properties disclosing system object information
12.0.15 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service
11.0.48 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service
10.0.52 - Security - Critical: Unauthenticated Remote Code Execution through .NET object deserialization in staging service
9.0.51 - Security: Security improvements
9.0.15 - Security: Users restored from the recycle bin with the Global administrator Privilege level
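As an added example (not from the original post or from Kentico), the check below takes an installed version string and reports which of the security hotfixes listed above are still missing on that release line. It assumes hotfixes are cumulative within a major.minor line; the function names `parse_version` and `report` and the installed versions in the demo loop are constructed for illustration.

```python
# Added example; the table is copied from the hotfix list on this page.
SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Unrated": 0}

LISTED_HOTFIXES = [  # (hotfix version, severity, issue)
    ("12.0.75", "Important", "URL resolving method vulnerable to XSS"),
    ("12.0.60", "Important", "Administrators able to edit Global administrators"),
    ("12.0.50", "Important", "Flawed MIME type validation for uploaded files"),
    ("12.0.48", "Moderate", "Virtual context URLs leak via HTTP Referer"),
    ("12.0.37", "Important", "Unrestricted file upload in MVC forms"),
    ("12.0.32", "Moderate", "Widget properties disclose system object information"),
    ("12.0.15", "Critical", "Unauthenticated RCE via deserialization in staging service"),
    ("11.0.48", "Critical", "Unauthenticated RCE via deserialization in staging service"),
    ("10.0.52", "Critical", "Unauthenticated RCE via deserialization in staging service"),
    ("9.0.51", "Unrated", "Security improvements"),  # page gives no severity
    ("9.0.15", "Unrated", "Restored users get Global administrator level"),
]


def parse_version(text):
    """'12.0.29' -> (12, 0, 29); rejects anything but major.minor.hotfix."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.hotfix, got {text!r}")
    return tuple(int(p) for p in parts)


def report(installed):
    """Listed security hotfixes newer than `installed` on the same release line."""
    inst = parse_version(installed)
    line = [h for h in LISTED_HOTFIXES if parse_version(h[0])[:2] == inst[:2]]
    missing = sorted((h for h in line if parse_version(h[0]) > inst),
                     key=lambda h: parse_version(h[0]))
    worst = max((h[1] for h in missing), key=SEVERITY_RANK.get, default=None)
    return {
        "installed": installed,
        # False means the page lists nothing for this line: unknown, not "safe".
        "line_listed": bool(line),
        "missing": [h[0] for h in missing],
        "worst_severity": worst,
        "minimum_target": missing[-1][0] if missing else None,
    }


if __name__ == "__main__":
    for version in ("12.0.29", "11.0.20", "9.0.51", "8.2.10"):  # constructed inputs
        print(report(version))
```

An empty `missing` list only means none of the hotfixes listed in this article are outstanding; the list is partial and dated, so newer hotfixes are not covered by it.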
If you are interested in having this automatically checked for you every day, along with 100+ other checks, then you might be interested in a FREE Trial of Constant Care for Kentico.
This post originally appeared on LinkedIn; see it here.