Drupal critical core vulnerability announced

Joey Stanford
Security, Compliance and Data Protection Officer
28 Mar 2018

A week ago the Drupal security team published a dire-sounding advisory PSA-2018-001, rated highly-critical for Drupal core. The announcement has now been made as SA-CORE-2018-002.

The last time around when there was a Highly-Critical vulnerability for Drupal Core AKA the “DrupaGeddon” episode millions of sites were affected, so we are taking this extremely seriously.

All Drupal users are advised to update their sites to 8.5.1 / 8.4.9 / 8.3.8 / 7.58 immediately. We are working on a platform-level fix as well and will announce more details very soon.