Clear your calendar, Drupal user: You have a critically urgent patch to install

Patches

The org’s staying mum on the details, but Wednesday’s fixes reach back to unsupported 8.9 branches

If you use Drupal, get ready to patch without delay. The org behind the popular open source content management system is warning of a highly critical vulnerability in Drupal core that is serious enough for it to tell users ahead of Wednesday’s patch release to set aside time to install the fix immediately.The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the PSA noting that Drupal isn’t willing to share additional information until the announcement is made alongside the patch release. That, says Drupal, will happen at some point between 1700 and 2100 UTC on Wednesday, May 20. To reiterate, this vulnerability is found in Drupal core, the bare-bones version of Drupal designed for developers, and not Drupal CMS, the preconfigured version for those who want Drupal but don’t have coding skills.

Drupal noted that sites using Drupal Steward, its paid web application firewall service, are protected against known attack vectors, though it still recommends Steward customers update their core instances in case additional exploit methods emerge.

Clear your calendar, Drupal user: You have a critically urgent patch to install

Other newsrooms on this story

Related reading

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Other newsrooms on this story

Related reading

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Drupal critical update to fix bug with high exploitation risk

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

CMS Drupal: Hochkritisches Drupal-Core-Update für den 20. Mai angekündigt

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs