|Title||Start Date & Time||End Date & Time|
|Service Maintenance Scheduled: UCB Files (routine monthly maintenance)||Friday, November 23, 2018 - 10:00pm||Friday, November 23, 2018 - 11:59pm|
Drupal will release an emergency security update on April 25, 2018, between 10 a.m. and 12 p.m. (noon). They are not releasing any information about this vulnerability until after the announcement is made. The IT Security Office recommends upgrading shortly after the patch is release as exploits may be developed within hours.
CU Boulder’s www.colorado.edu and sites on the Web Express service will be updating shortly after the patch is released.
Drupal core 7.x, 8.4.x, and 8.5.x
Upgrade to the most recent version of Drupal 7 or 8 core.
Drupal 7 and 8 core critical release on April 25th, 2018 PSA-2018-003
Additional information about this vulnerability can be viewed at:
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or email@example.com.
Important definitions for this notice:
Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.
Severe: severity includes worms & web or email based exploits.
Important: severity includes viruses and local exploits for commonly used services.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.