Drupal by Gobinath Mallaiyan
Drupal by Gobinath Mallaiyan

Critical Security Vulnerability to be Announced – Drupal 7 & 8

The Drupal Security team notified the Drupal community last week with a very simple message – “there will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC.”  and action is needed!

The security advisory did not identify any specific details of the release, however, only describing it as a “highly critical security vulnerability” and urging site owners and developers to take immediate action. For more info click here.

The announcement is not like the other routine releases where Drupal Patches are clearly mentioned, for example the last update. This time, we are simply told that the core updates should be “actioned within hours or days,”.

The decision not to share any details with Tech Leads, CXO’s and Drupal website owners has led to heightened concerns as to how serious the issue could potentially be. One thing seems clear: this update should be taken seriously and fixes should be applied as quickly as possible.  

Interestingly, despite Drupal 8.3.x and 8.4.x no longer being actively supported, i.e. Drupal does not normally provide security releases for unsupported minor releases, Drupal on this occasion will be releasing a fix for these versions.

The upcoming security advisory will list the appropriate version numbers for all three Drupal 8 branches. Specific details regarding the patches and version numbers are noted below:

  • Sites on 8.3.x should immediately update to the 8.3.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.
  • Sites on 8.4.x should immediately update to the 8.4.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.
  • Sites on 7.x or 8.5.x can immediately update when the advisory is released using the normal procedure.
  • Drupal 6.x.x is also unsupported, although a security patch is expected to be released in due course.

Drupal is an open source Content Management System (CMS) that is the selected platform for over one million websites, extranets and web-apps. The CMS is the second most popular web management platform behind WordPress.

Should you have a site that needs updating, or simply have questions regarding Drupal updates, development, or release, please feel free to get in touch with a member of our team.

Have a Cookie

Our website uses cookies to understand how the site is used and to ensure your experience is consistent between visits, click Learn More to find out how we use cookies. If you'd like to disable cookies, please refer to this helpful guide.