Drupal Releases Security Updates (Feb 2016)

The widely used website Content Management System (CMS)(defined) Drupal in late February released security updates for versions 6, 7 and 8.

10 security issues were addressed (of the severities listed below) by the released security updates:

  • 1x critical
  • 6x moderately critical
  • 3x less critical

Drupal users should upgrade to versions 6.38, 7.43 or 8.0.4 as appropriate. Further information and steps to install the updates are available in Drupal’s Security Advisory.

As noted by Drupal version 6 has reached its end of life (EOL) and will no longer receive security updates going forward. Further information is provided in this dedicated page.

Moreover, in early January an IOACtive senior security consultant Fernando Arnaboldi disclosed 3 security issues in a blog post. While these issues were responsibly disclosed to Drupal at the time of writing they have not addressed them. As advised within that blog post for those who administer Drupal installations they may wish to manually download updates for Drupal and its add-ons in order to work around these issues until they are addressed.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s