Drupal 7.56 and Drupal 8.3.4 – Security updates now available
Security releases for Drupal (Drupal 8 version 8.3.4 and Drupal 7 version 7.56) which contain fixes for security vulnerabilities are now available and it’s advisable that any websites using earlier Drupal versions are upgraded as soon as possible to keep them secure and prevent hacks and unauthorised access, including information disclosure.
We can upgrade your Drupal website for you with our cost effective Drupal upgrade service. Contact us for more details or if you’re an O’Brien Media website hosting customer you can view your Drupal version information and request an upgrade via Client Connect, just log in and access the “My products” section for more information.
Security vulnerabilities
Drupal 8.3.4 and 7.56 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory issued by Drupal:
Files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This can result in files uploaded to your website being publicly accessible.
The Drupal security team has received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system. This could result in your website being used to host images and malicious software that would be damaging to not only visitor computers but also to business reputation and search engine ranking.
To fix the security vulnerabilities, it’s advisable to upgrade to either Drupal 8.3.4 (if your website is running Drupal 8) or Drupal 7.56 (if you’re website is running Drupal 7).
Drupal upgrade service
We can upgrade your Drupal website for you with our cost effective Drupal upgrade service. Contact us for more details or if you’re an O’Brien Media website hosting customer you can view your Drupal version information and request an upgrade via Client Connect, just log in and access the “My products” section for more information.