As posted in a previous bulletin (https://bulletins.it.ubc.ca/archives/32476), Drupal has released security updates of 7.x, 8.4.x, and 8.5.x to fix a highly critical security vulnerability.
If you are the owner or administrator of a Drupal website, please take some time to implement the core updates now. If you cannot patch your site, please take it offline immediately.
Drupal 8 – Upgrade to v8.5.3
- If you are unable to update immediately, you can attempt to apply the Drupal code available here: https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id=bb6d396609600d1169da29456ba3db59abae4b7eto fix the vulnerability until you are able to completely update.
Drupal 7 – Upgrade to v7.59
- If you are unable to update immediately, you can attempt to apply the Drupal code available here: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0to fix the vulnerability until you are able to completely update.
Drupal 6 – A community patch is available
Please note that this upgrade has been implemented by UBC IT for sites hosted by UBC IT Web Services.
If you have any questions or require any assistance to patch or secure your sites, please email security@ubc.ca.