Drupal Releases Security Updates

Last Updated: 10/01/2017

Security Notice Level


Drupal has released updates to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain or modify information.

Affected Software

Drupal core 8.x versions prior to 8.3.7


Upgrade to Drupal core 8.3.7

Security Bulletin Name

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004

Additional Information

Additional information about this vulnerability can be viewed at:


If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.

Important definitions for this notice:

Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.

Severe: severity includes worms & web or email based exploits.

Important: severity includes viruses and local exploits for commonly used services.