It’s been a while since the last Drupal Core update was released (back in April) but it’s now time, once again, to install a Drupal Core update to keep your Drupal websites secure.

The following issues with Drupal Core have been patched, and are included in yesterday’s update:

  • In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
  • In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.
  • When sending email some variables were not being sanitised for shell arguments, which could lead to remote code execution.
  • The Contextual Links module doesn’t sufficiently validate the requested contextual links.

View more details on the Drupal website at https://www.drupal.org/sa-core-2018-006

Ref: SA-CORE-2018-006

Like

Feeling social? Share this with friends and colleagues...

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on skype
Skype
Share on whatsapp
WhatsApp
Share on email
Email