Drupal Releases Security Updates

Last Updated: 11/01/2016

Security Notice Level


Drupal has released an update to address a vulnerability that may allow a remote attacker to take control of an affected website. CU Boulder’s www.colorado.edu and sites on the Web Express service are not affected as they are on version 7.x.

Affected Software

Drupal core 8.x versions prior to 8.1.10


Upgrade to Drupal core 8.1.10

Security Bulletin Name

SA-CORE-2016-004 - Drupal Core - Critical

Additional Information

Additional information about this vulnerability can be viewed at:


If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.