Drupal Releases Security Updates

Last Updated: 11/01/2016

Security Notice Level

SEVERE

Drupal has released an update to address a vulnerability that may allow a remote attacker to take control of an affected website. CU Boulder’s www.colorado.edu and sites on the Web Express service are not affected as they are on version 7.x.

Affected Software

Drupal core 8.x versions prior to 8.1.10

Solution

Upgrade to Drupal core 8.1.10

Security Bulletin Name

SA-CORE-2016-004 - Drupal Core - Critical

Additional Information

Additional information about this vulnerability can be viewed at:

https://www.drupal.org/SA-CORE-2016-004

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.