Microsoft published critical vulnerability CVE-2025-55315. While its impact on Origam remains to be tested, here is the overview of the versions and steps needed to address the issue:
| Version | Needed steps |
|---|---|
| pre 2024.9 | Origam runs on .net 6.0 and it is not affected |
| 2024.9 - 2025.10.0 | Origam runs on .net 8.0 and its docker images are affected. If you’re using the docker images you should upgrade to 2025.10.1. If you’re hosting Origam on IIS you should update .net runtime. |
| 2025.10.1 and further | Origam runs on .net 8.0 and its docker images are using patched .net runtime. If you’re hosting Origam on IIS you should update .net runtime. |