Drupal Releases Security Updates | Office of Information Technology

Drupal Releases Security Updates

Last Updated: 04/20/2017

Security Notice Level

SEVERE

Drupal has released an update to address a vulnerability that may allow a remote attacker to modify information. CU Boulder’s www.colorado.edu and sites on the Web Express service are not affected as they are on version 7.x.

Affected Software

Drupal core 8.x versions prior to 8.2.8 and 8.3.1

Solution

Upgrade to Drupal core 8.2.8 or 8.3.1

Security Bulletin Name

Drupal Core - Critical - Access Bypass - SA-CORE-2017-002

Additional Information

Additional information about this vulnerability can be viewed at:

https://www.drupal.org/SA-CORE-2017-002

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu. IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.