Security Update:Drupal Released a HIGHLY CRITICAL Security Update for Core 8
Date and Time
Drupal Core 8.x Users
Drupal has released updates to address a Highly Critical vulnerability.
Advanced Users: For the full Public Announcement refer to Drupal Core - Highly Critical - Injection - SA-CORE-2016-003 at https://www.drupal.org/SA-CORE-2016-003.
- Drupal core 8.x versions prior to 8.1.7
WHAT'S THE PROBLEM?
If exploited, one of the vulnerabilities may allow an attacker take control of an affected website.
WHAT DO YOU NEED TO DO?
Install the latest version:
- If you use Drupal 8.x, upgrade to Drupal core 8.1.7
- If you use Drupal 7.x, Drupal core is not affected. However you should consider using the mitigation steps at https://httpoxy.org/ since you might have modules or other software on your server affected by this issue.
- IT Security – http://it.ucsf.edu/security