New critical Drupal vulnerability in April 2018: PSA-2018-003

Submitted by dryer on Tue, 04/24/2018 - 11:36
Drupal

Another critical vulnerability will be patched in Drupal on April 25th 2018. The Drupal security team posted information about this on Monday, April 23rd. Between 16:00 and 18:00 UTC there will be releases for three separate lines of Drupal:

  • Drupal 7.x
  • Drupal 8.4.x
  • Drupal 8.5.x

Developers are urged to reserve time for updates during this window, since the vulnerability could be exploited. The security fix is a follow-up to the earlier SA-CORE-2018-002 update that was made available on March 28th. If you are running a Drupal version such as Drupal 8.3, you are not covered by the patches and are recommended to upgrade to the latest supported versions.

Otherwise, websites running this open source CMS are left open to attack by exploits. In the past this has happened with issues such as Drupalgeddon 1 in 2014 and Drupalgeddon 2 in 2018: Drupalgeddon 2 Drupal vulnerability exploiting botnets emerge

More details on the Drupal security blog: https://www.drupal.org/psa-2018-003