Drupal: critical security update on March 28: are you ready?
Drupal Security Team announced a security release on March 28;which will solve a “highly critical security vulnerability” in Drupal 7 and Drupal 8
Important news from Drupal, the most used Content Management System (CMS) for high traffic websites and portals. The Drupal Security Team, which oversees all security aspects of Drupal, announced the release of an highly important update, that will be available on the late afternoon of March 28th 2018 and will regard every websites based on Drupal 7 and Drupal 8. The news impacts on more than a million websites, that will be at risk if the patch released by the community will not be promptly applied.
The update released on this date would fix a CMS “highly critical security vulnerability”, according to Drupal Security Team. The announcement continues saying that targeted cyber attacks may start to circulate on the web, in order to take advantage on this system vulnerability, a few hours after the release. Only then, the yet unknown vulnerability will be explicit.
The Drupal community periodically releases security updates for fixing vulnerabilities found on the platform. Usually, Drupal Core security updates are released each third Wednesday of the month (a well-known date for those who follow the community), but without any notification.
This time the security update has been announced one week in advance for warning all those who use Drupal not to make any appointments on the afternoon of March 28th. We suggest to consider this announcement very carefully: because of the unusual preview of the notice and because on this occasion the community will exceptionally release a patch for 8.3.x and 8.4.x versions, regarded as “unsupported minor release”, in order to meet the needs of ones who has not yet upgraded to 8.5.
The discovered vulnerability will have an impact on Drupal 7 and Drupal 8 versions. More details hasn’t voluntarily been disclosed for not giving benefits to those who are already planning to take advantage on this vulnerability. More information will be available after the release.
Archibuzz proposes to its customers an annual security updates plan for their own website developed on Drupal 7 and Drupal 8. The update has already been organised for those who are subscribed to the plan and it will be done after the release of the new version.
For those who have a Drupal website in need of performing the March 28th security update, we can provide you with a one-time Drupal security upgrade service. For more information you can contact us through the contact form on our website.