Drupal Releases Security Updates

Last Updated: 06/01/2017

Security Notice Level


Drupal has released an update to address a vulnerability that may allow a remote attacker to modify information. CU Boulder’s www.colorado.edu and sites on the Web Express service are not affected as they are on version 7.x.

Affected Software

Drupal core 8.x versions prior to 8.2.8 and 8.3.1


Upgrade to Drupal core 8.2.8 or 8.3.1

Security Bulletin Name

Drupal Core - Critical - Access Bypass - SA-CORE-2017-002

Additional Information

Additional information about this vulnerability can be viewed at:


If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu. IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.