it.ucsf.edu

Security Update:Security Update: Drupal has released an advisory to address several vulnerabilities in Drupal 8.x

Status Type

Security Update

Date and Time

Monday, August 21, 2017 - 09:20

Reason

Security Update

Impact

Drupal users

WHAT HAPPENED?

Drupal has released an advisory to address several vulnerabilities in Drupal 8.x.

 

Advanced Users: For the full Public Announcement refer to Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004 at https://www.drupal.org/SA-CORE-2017-004.

 

AFFECTED SYSTEMS:

  • Drupal core 8.x versions prior to 8.3.7

 

WHAT'S THE PROBLEM?

If exploited, one of the vulnerabilities may allow an attacker to obtain or modify sensitive information.

 

WHAT DO YOU NEED TO DO?

Install the latest version:

  • If you use Drupal 7.x, Drupal core is not affected. However you should consider using the mitigation steps at https://httpoxy.org/ since you might have modules or other software on your server affected by this issue.

 

RELATED LINKS