it.ucsf.edu

Security Update:Drupal Released a HIGHLY CRITICAL Security Update for Core 8

Status Type

Security Update

Date and Time

Tuesday, July 19, 2016 - 12:30

Reason

Security Update

Impact

Drupal Core 8.x Users

 

WHAT HAPPENED?
Drupal has released updates to address a Highly Critical vulnerability.

Advanced Users: For the full Public Announcement refer to Drupal Core - Highly Critical - Injection - SA-CORE-2016-003 at https://www.drupal.org/SA-CORE-2016-003.


AFFECTED SYSTEMS:

  • Drupal core 8.x versions prior to 8.1.7


WHAT'S THE PROBLEM?
If exploited, one of the vulnerabilities may allow an attacker take control of an affected website.


WHAT DO YOU NEED TO DO?
Install the latest version:

  • If you use Drupal 8.x, upgrade to Drupal core 8.1.7
  • If you use Drupal 7.x, Drupal core is not affected. However you should consider using the mitigation steps at https://httpoxy.org/ since you might have modules or other software on your server affected by this issue.


RELATED LINKS