Security Update:
Status Type
Security Update
Date and Time
Thursday, April 26, 2018 - 11:25
Reason
Security Update
Impact
- If you are running 7.x, upgrade to Drupal 7.59.
- If you are running 8.5.x, upgrade to Drupal 8.5.3.
- If you are running 8.4.x, upgrade to Drupal 8.4.8.
- If you installed CKEditor in Drupal 7 using another method and you’re using a version of CKEditor from 4.5.11 up to 4.9.1, update the third-party JavaScript library by downloading CKEditor 4.9.2 from CKEditor's site: https://ckeditor.com/ckeditor-4/download/
- If you are unable to update immediately, apply the Patch for Drupal 8.x (8.5.x and below)
- If you are unable to update immediately, apply the Patch for Drupal 7.x
Advanced Users: For the full Public Announcement refer to:
- Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2018-004 at: https://www.drupal.org/sa-core-2018-004
AFFECTED SYSTEMS:
- Drupal 7 and 8
WHAT'S THE PROBLEM?
If exploited, this vulnerability may allow an attacker to gain access to sensitive information.
WHAT DO YOU NEED TO DO?
Install the latest version:
- If you are running 7.x, upgrade to Drupal 7.59.
- If you are running 8.5.x, upgrade to Drupal 8.5.3.
- If you are running 8.4.x, upgrade to Drupal 8.4.8.
- If you installed CKEditor in Drupal 7 using another method and you’re using a version of CKEditor from 4.5.11 up to 4.9.1, update the third-party JavaScript library by downloading CKEditor 4.9.2 from CKEditor's site: https://ckeditor.com/ckeditor-4/download/
- If you are unable to update immediately, apply the Patch for Drupal 8.x (8.5.x and below)
- If you are unable to update immediately, apply the Patch for Drupal 7.x
- 787 reads
- Printer-friendly version
- PDF version