Drupal Developers are forced to release a second patch for Drupalgeddon2

Yesterday, the developers of Drupal announced that versions 7.x, 8.4.x and 8.5.x will receive new security updates this week, since the critical vulnerability in the CMS, known as Drupalgeddon2, could not be completely fixed by the first patches. The updates are scheduled for release on April 25. These patches are designed to eliminate the recently disclosed critical vulnerability, which received the identifier CVE-2018-7600 and the name Drupalgeddon2....


Drupal patches a not-too-dangerous XSS vulnerability

Last Wednesday, the Drupal team released updates with a patch for the XSS vulnerability in the CKEditor module of the CMS core. This flaw, estimated as moderately dangerous, is relevant only for Drupal 8; users are advised to install release 8.5.2 or 8.4.7. According to the developer's blog entry for the CKEditor JavaScript library, an XSS attack becomes possible when you use the image2 plugin, an enhanced version of the image plugin in this editor. This...


New Critical Vulnerabilities in Drupal

A week ago, on March 28, the Drupal Security Team announced patches that close a critical security bug relevant for all versions of Drupal 6.x, 7.x and 8.x. The vulnerability allows an attacker to gain access to the hosting server with the rights of the web server. Attackers do not yet have an exploit for this vulnerability, but one is likely to appear in the very near future, therefore it is strongly recommended that all site owners on Drupal or...


Drupal eliminates the vulnerabilities exploited by spammers

The developers of Drupal released versions 7.56 and 8.3.4, in which several vulnerabilities were eliminated, including bugs used by spammers. One of the main problems corrected was the vulnerability CVE-2017-6922. The bug was that the files downloaded by an anonymous user were available not only to that user, but to all anonymous users in general. Of course, only those sites that allowed anonymous downloads of files were affected. Since October 2016, Drupal...