Recent security update: Is unattended *upgrades* a...
# help-with-umbracok
kdx-perbol
07/13/2023, 2:01 PMAnnouncement says "unattended install" is a sufficient workaround for the security issue. But is unattended upgrades sufficient?
**EDIT**: TLDR: No, unattended installations need to be enabled.
kdx-perbol
07/13/2023, 2:01 PM10.6.1, 11.4.2, 12.0.1.
kdx-perbol
07/13/2023, 2:02 PM> Enabling the Unattended Install feature will mean the vulnerability is not exploitable.
s
Sebastiaan
07/13/2023, 2:15 PMActually yes, the problem happens when you get into an install state, unattended installs prevent you from getting into that state.
k
kdx-perbol
07/13/2023, 2:39 PMWe haven't actually enabled unattended installations, only unattended upgrades. Is that sufficient? So technically, we have unattended installs disabled, but unattupgrades enabled.
s
Sebastiaan
07/13/2023, 2:43 PMYeah it requires unattended installs enabled
k
kdx-perbol
07/13/2023, 2:43 PMAlso, is U8 safe? Asking for a friend.
s
Sebastiaan
07/13/2023, 2:43 PMYou can read the advisory for what is not safe 😉
Sebastiaan
07/13/2023, 2:44 PMAlso, if you do enable unattended installs, you'll need to deploy that live anyway. I'd advise to do the upgrade to the latest patch instead, should be painless.
k
kdx-perbol
07/13/2023, 2:44 PMNot from 8.10... 🤣
kdx-perbol
07/13/2023, 2:45 PMThanks. We'll keep upgrading!
s
Sebastiaan
07/13/2023, 2:45 PM> Versions affected: Umbraco 10.0.0-10.6.0, 11.0.0-11.4.1. and Umbraco 12.0.0
Conclusion: don't worry about v8
k
kdx-perbol
07/13/2023, 2:47 PMI saw that of course, but it also says that 9 is likely affected. Yeah, 8 has plenty of other worries already
s
Sebastiaan
07/13/2023, 2:49 PMIf we don't mention 8 then it's because there's nothing to mention 😅
We didn't mention v4 either 😛
k
kdx-perbol
07/13/2023, 2:53 PMI think v7 is the first one I used...
7 Views