Drupal Security Update

Last Updated: 10/19/2018

Security Notice Level


Drupal has released updates to address multiple vulnerabilities including some that may allow a remote attacker to take control of an affected website.

Affected Software

  • Drupal core 8.x versions prior to 8.6.2 or 8.5.8
  • Drupal core 7.x versions prior to 7.60


  • Upgrade to Drupal core 8.6.2, 8.5.8 or 7.60

Security Bulletin Name

  • Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

Additional Information

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu.  IT Service Center Hours:  https://oit.colorado.edu/support/it-service-center.