Sitecore has recently announced Security Bulletin SC2022-001-500712.
You can read about it in depth on the Sitecore Support website here.
This vulnerability affects a wide range of versions and should be patched immediately.
All Dataweavers customers were patched, starting as early as the 6th of January, with the last customers rolled out on the 14th of January. This highlights the importance of a CSP (Content Security Policy) to further reduce the risk of XSS (Cross Site Scripting) events. Whilst it is not appropriate for all websites and does add a layer of ongoing maintenance, the CSP mechanism is widely supported and extremely powerful.
If you are unsure how to apply the security patch to your Sitecore solution, contact us today to discuss our free security remediation service.