it.ucsf.edu

Security Update: Drupal has released a MODERATELY CRITICAL security advisory to address a vulnerability in Drupal 7 and 8

Status Type: Security Update

Date and Time: Monday, April 23, 2018 - 09:24

Reason: Security update

Impact: Drupal users

WHAT HAPPENED?

Drupal has released a MODERATELY CRITICAL security advisory to address a vulnerability in Drupal 7 and 8.

 

Advanced Users: For the full Public Announcement refer to:

 

AFFECTED SYSTEMS:

  • Drupal 7 and 8

 

WHAT'S THE PROBLEM?

If exploited, this vulnerability may allow an attacker to gain access to sensitive information.

 

WHAT DO YOU NEED TO DO?

Install the latest version:

  • If you use Drupal 8, update to Drupal 8.5.2 or Drupal 8.4.7:

https://www.drupal.org/project/drupal/releases/8.5.2

https://www.drupal.org/project/drupal/releases/8.4.7

  • The Drupal 7.x CKEditor contributed module is not affected if you are running CKEditor module 7.x-1.18 and using CKEditor from the CDN, since it currently uses a version of the CKEditor library that is not vulnerable.
  • If you installed CKEditor in Drupal 7 using another method (for example with the WYSIWYG module or the CKEditor module with CKEditor locally) and you’re using a version of CKEditor from 4.5.11 up to 4.9.1, update the third-party JavaScript library by downloading CKEditor 4.9.2 from CKEditor's site: https://ckeditor.com/ckeditor-4/download/
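The version conditions above can be applied to a site inventory as follows. This is an added example, not part of the original notice or of Drupal's or CKEditor's code: the function names and inventory rows are constructed, and the handling of Drupal 8 branches other than 8.4 and 8.5 is an assumption. Versions are compared numerically, because a plain string comparison would wrongly place 4.5.9 and 4.10.0 inside the affected range.

```python
import re

# Version bounds quoted from the notice above.
CKE_FIRST_AFFECTED = (4, 5, 11)
CKE_LAST_AFFECTED = (4, 9, 1)
D8_FIXED = {(8, 5): (8, 5, 2), (8, 4): (8, 4, 7)}


def parse_version(text):
    """Turn '4.5.11' into (4, 5, 11) so comparisons are numeric, not lexical."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def ckeditor_lib_affected(lib_version):
    return CKE_FIRST_AFFECTED <= parse_version(lib_version) <= CKE_LAST_AFFECTED


def drupal8_needs_update(core_version):
    v = parse_version(core_version)
    fixed = D8_FIXED.get(v[:2])
    if fixed is None:
        # Assumption: branches older than 8.4 have no fixed release in the
        # notice, so they are flagged; newer branches are treated as fixed.
        return v < (8, 4)
    return v < fixed


def triage_drupal7(module_version, uses_cdn, lib_version):
    """Apply the notice's two Drupal 7 bullets to one site."""
    if module_version == "7.x-1.18" and uses_cdn:
        return "not affected (CKEditor module 7.x-1.18 with CDN library)"
    if ckeditor_lib_affected(lib_version):
        return "update CKEditor library to 4.9.2"
    return "library outside the affected range"


if __name__ == "__main__":
    # Constructed inventory rows: (site, module version, CDN?, library version)
    inventory = [
        ("intranet", "7.x-1.18", True, "4.9.2"),
        ("labsite", "7.x-1.17", False, "4.5.11"),
        ("archive", "7.x-1.16", False, "4.5.9"),
        ("events", "7.x-1.18", False, "4.10.0"),
    ]
    for site, module, cdn, lib in inventory:
        print(f"{site:10} {triage_drupal7(module, cdn, lib)}")
    for core in ("8.5.1", "8.5.2", "8.4.6", "8.3.9"):
        print(f"Drupal {core}: update needed = {drupal8_needs_update(core)}")
```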

 
