Description: Drupal 8.2.7 is now available as a maintenance release which contains fixes for security vulnerabilities.
- Fixed the issue about adding a private file via a configured text editor (like CKEditor). The editor did not correctly check access for the file being attached
- Some administrative paths did not include protection for CSRF.
- Fixed a 3rd party development library including with Drupal 8 development dependencies that is vulnerable to remote code execution.
Affected versions: Drupal 8.x
Recommended action: Upgrade to Drupal 8.2.7