Drupal Announces Critical Security Update to Address High-Risk Bug
Drupal has issued a warning about a forthcoming “core security release,” emphasizing the potential for threat actors to exploit vulnerabilities shortly after the update is disclosed.
Website administrators are advised to allocate time for core updates on May 20 between 17:00 and 21:00 UTC. It is strongly recommended that administrators running versions 8 or 9 upgrade to at least version 10.6 to safeguard their websites.
Drupal, a widely used content management system (CMS) in various sectors such as government, education, and healthcare, has announced that the vulnerability impacts Drupal core versions 8 and newer. However, not all configurations are affected, and security updates will be available for versions including Drupal 11.3.x, 11.2.x, 11.1.x, 10.6.x, 10.5.x, and 10.4.x.
While versions 11.1.x and 10.4.x are no longer supported, Drupal will still provide fixes for them due to the severity of the security issue. Administrators are urged to update to Drupal 11.1.9 and 10.4.9 to mitigate the risks.
Drupal 8 and 9, which have reached end-of-life, will not receive patches. However, hotfix files will be released for versions 9.5 and 8.9, enabling remediation for those using versions 9.5.11 or 8.9.20.
Websites utilizing Drupal Steward are already shielded against known attack vectors. Nonetheless, an update is still recommended as an added security measure.
Drupal has refrained from disclosing technical details about the vulnerability, cautioning administrators against falling for fraudulent information online. It is advised to await the official announcement for accurate details.
Drupal emphasizes the importance of monitoring the platform’s security portal for updates throughout the day and promptly applying the security update once it becomes available.