Drupal Releases Security Updates

Last Updated: 08/01/2017

Security Notice Level


Drupal has released updates to address multiple vulnerabilities including one that may allow a remote attacker to take control of an affected website.

Affected Software

Drupal core 8.x versions prior to 8.3.4

Drupal core 7.x versions prior to 7.56


Upgrade to Drupal core 8.3.4 or 7.56

Security Bulletin Name

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

Additional Information

Additional information about this vulnerability can be viewed at: https://www.drupal.org/SA-CORE-2017-003

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.  IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.

Important definitions for this notice:

Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.

Severe: severity includes worms & web or email based exploits.

Important: severity includes viruses and local exploits for commonly used services.