What Does “Quarantined” Mean?
In Sitecore’s artifact repository, a “quarantined” status typically means the package has been pulled from public access due to a potential issue — often related to:
- Security vulnerabilities (e.g., a CVE or unpatched exploit)
- Critical bugs that break functionality
- Versioning conflicts with dependencies like
Sitecore.Mvc
So if you’re wondering whether you should wait, the short answer is: yes, if you can afford to. In the meantime, there are a few options you can consider.
What You Can Do
- Upgrade to 10.0.6+ — this version is stable and publicly available, but be aware that some newer packages may require
Sitecore.Mvc >= 10.4. - Fallback to 8.1.0 — not ideal, as it may not support the features you need.
- Reference the DLL directly — this works in a pinch but isn’t ideal for long-term maintainability.
If this is a critical dependency and no public patch has been announced, it’s worth raising a ticket through Sitecore support or checking community channels (Slack, Stack Exchange, or MVP circles) to confirm if a CVE or patch release is expected.
Stay Informed
Want to avoid surprises? You can keep an eye on:
And if you ever stumble upon something like this again — don’t hesitate to ask around.
Like (0)