Protection against critical Drupal security bug SA-CORE-2018-004
The authors of the Drupal CMS software today announced yet another “highly critical” Drupal security bug (SA-CORE-2018-004).
This vulnerability is likely to be widely exploited soon. If you use Drupal 7 or 8 without updating it, your site will be compromised (taken over by “hackers”).
To protect our customers who have installed Drupal, we have “patched” the vulnerable files on every copy of Drupal on our servers, blocking the attacks that we expect to see in the future. We used these patches:
- Drupal 6 patches for bootstrap.inc and filefield.module
- Drupal 7 patch
- Drupal 8 patch
So our customers are protected against this particular problem. But that doesn’t mean you shouldn’t upgrade Drupal: older versions also have other security bugs. If you’ve installed the Drupal software on your site, please make absolutely sure you’ve upgraded to the latest version today.