Drupal 8 Multiple Vulnerabilities

Posted on Posted in Drupal

Description: Drupal 8.2.7 is now available as a maintenance release which contains fixes for security vulnerabilities.

Changes:

  • Fixed the issue about adding a private file via a configured text editor (like CKEditor). The editor did not correctly check access for the file being attached
  • Some administrative paths did not include protection for CSRF.
  • Fixed a 3rd party development library including with Drupal 8 development dependencies that is vulnerable to remote code execution.

Affected versions: Drupal 8.x

Recommended action: Upgrade to Drupal 8.2.7

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *