Drupal Security Team has released a new patch for site development in Drupal 8

Drupal consulting: the Security Team released a new patch for Drupal 8

Drupal Project has released a patch to resolve a problem that could increase the risk for a site to get hacked. Such criticality did not occupy the highest positions in the risk rating of Drupal, however it has been assessed serious enough to induce developers to release a patch even for versions of the CMS that are no longer officially supported, prior to 8.3.0, as announced by the Drupal Security Team on 19 April 2017.

This “danger” involves only a limited number of sites based on Drupal. Specifically, the sites most at risk have been limited to those that present the Restful Web Services module activated and configured to allow PATCH requests. In addition, any hacker could be able to register a new account or access an existing account regardless of the role of the user.
In addition, sites based on Drupal 7.x are not included among those at risk - but users of Drupal 8.2.7 should upgrade to version 8.2.8 and those of 8.3.0 should update the CMS to the latest version, which is 8.3.1.

Drupal is one of the Content Management Systems preferred by big brands and some of the most important public institutions. Among the most famous ones we recall: the White House, the French government, the Mayor of London, the BBC and the University of Oxford, which chose Drupal because of its versatility and reliability. Archibuzz has used it in different contexts - for example to create, among others, news portals, corporate sites, e-commerce platforms and management platforms/ERP.

To find out more about Drupal and its potential, or if you have a site made on Drupal 8 and do not know how to update it, do not hesitate to contact us.