Drupal 7 and 8 Patches are now available – March 28th, 2018 1:15pm

As posted in a previous bulletin (https://bulletins.it.ubc.ca/archives/32267), Drupal has released security updates of 7.x, 8.3.x, 8.4.x, and 8.5.x to fix a highly critical security vulnerability.

If you are the owner or administrator of a Drupal website, please take some time to implement the core updates now. If you cannot patch your site, please take it offline immediately.

Drupal 8 – Upgrade to v8.5.1
• If you are unable to update immediately, you can attempt to apply the Drupal code available here: https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id=5ac8738fa69df34a0635f0907d661b509ff9a28f to fix the vulnerability until you are able to completely update.

Drupal 7 – Upgrade to v7.5.8
• If you are unable to update immediately, you can attempt to apply the Drupal code available here: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5 to fix the vulnerability until you are able to completely update.

Drupal 6 – A community patch is available
https://www.drupal.org/project/d6lts/issues/2955130

Please note that this upgrade has been implemented by UBC IT for sites hosted by UBC IT Web Services.

If you have any questions, or require any assistance to patch or secure your sites, please email security@ubc.ca.