Security Update:Security Update: Drupal has released an advisory to address several vulnerabilities in Drupal 8.x
Date and Time
Drupal has released an advisory to address several vulnerabilities in Drupal 8.x.
Advanced Users: For the full Public Announcement refer to Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004 at https://www.drupal.org/SA-CORE-2017-004.
- Drupal core 8.x versions prior to 8.3.7
WHAT'S THE PROBLEM?
If exploited, one of the vulnerabilities may allow an attacker to obtain or modify sensitive information.
WHAT DO YOU NEED TO DO?
Install the latest version:
- If you use Drupal 8.x, upgrade to Drupal core 8.3.7
- If you use Drupal 7.x, Drupal core is not affected. However you should consider using the mitigation steps at https://httpoxy.org/ since you might have modules or other software on your server affected by this issue.
- IT Security - http://it.ucsf.edu/security