The widely used website Content Management System (CMS)(defined) Drupal in late February released security updates for versions 6, 7 and 8.
10 security issues were addressed (of the severities listed below) by the released security updates:
- 1x critical
- 6x moderately critical
- 3x less critical
Drupal users should upgrade to versions 6.38, 7.43 or 8.0.4 as appropriate. Further information and steps to install the updates are available in Drupal’s Security Advisory.
Moreover, in early January an IOACtive senior security consultant Fernando Arnaboldi disclosed 3 security issues in a blog post. While these issues were responsibly disclosed to Drupal at the time of writing they have not addressed them. As advised within that blog post for those who administer Drupal installations they may wish to manually download updates for Drupal and its add-ons in order to work around these issues until they are addressed.