It’s been a while since the last Drupal Core update was released (back in April) but it’s now time, once again, to install a Drupal Core update to keep your Drupal websites secure.
The following issues with Drupal Core have been patched, and are included in yesterday’s update:
- In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass.
- In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious url.
- When sending email some variables were not being sanitised for shell arguments, which could lead to remote code execution.
- The Contextual Links module doesn’t sufficiently validate the requested contextual links.
View more details on the Drupal website at https://www.drupal.org/sa-core-2018-006
Ref: SA-CORE-2018-006