Cancel
Development, Drupal, Technology

August 1st 2018 - Drupal 8 Moderate Security Release

by John DoyleAugust 1, 2018
Share

A Public Service Announcement was released on July 30th, 2018, announcing a moderately critical security update to Drupal Core. This update is not part of the normal Drupal Core security releases but was deemed important enough to release the update. A link to the public service announcement can be found here: https://www.drupal.org/psa-2018-07-30

More information on the actual vulnerability was released along with the security updated on August 1, 2018. Based on the feedback and messaging around the issue on other forums such as Acquia.com, it is highly recommended that anyone on Drupal 8.5 install this important update. For organizations not running on the latest version of Drupal 8, it is recommended that you manually upgrade the impacted libraries as soon as possible.

For more information on the Drupal Security Advisories, the Drupal Security Team and Drupal Security Rating Process, check out our previous post here: https://bluetext.com/drupal-8-critical-security-release-march-28th-2018/

Looking for help upgrading your Drupal website? Contact Us!

Frequently Asked Questions (FAQ)

What was announced in the Drupal security update of August 1, 2018?

Drupal released a moderately critical update outside of its normal schedule. The update addressed a vulnerability that required prompt attention from site administrators. It underscored the importance of staying current with security advisories.

Why was this release considered 'moderately critical'?

Although not as urgent as past critical releases, the vulnerability posed real risks if left unpatched. Organizations running Drupal 8.5 were especially encouraged to update quickly. Addressing it reduced exposure to potential exploits.

What should organizations on older Drupal versions do?

If a site wasn’t on the latest version, administrators were advised to manually update the affected libraries. This ensured they could still mitigate the vulnerability. It highlighted the need for ongoing maintenance even when upgrades lag behind.

Where can administrators find more information on Drupal security?

Drupal’s official security advisories provide detailed explanations of vulnerabilities and fixes. The Drupal Security Team also publishes processes for rating severity. Following these resources helps organizations stay protected and proactive.