Emergency Hotfix - GovCMS D10 Update 3.13.1
Scheduled Maintenance Report for GovCMS
Completed
The scheduled maintenance has been completed.
Posted Jun 26, 2024 - 21:36 AEST
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Jun 26, 2024 - 20:00 AEST
Scheduled

Advice


Today (26 June 2024), an issue was addressed relating to the use of a popular library, polyfill.io, in the Drupal Webform module. The library at the CDN is considered malicious and is a security risk for sites that load it from its original location.

GovCMS has implemented an emergency hotfix tonight to sites impacted at the theme layer, where customers may have used the library.

GovCMS has released a distribution update, 3.13.1, which provides an update to the Webform module, addressing this issue. This issue relates to the use of Choices, a selection option available when building and managing webforms. This is used to provide compatibility for older browsers.

Sites using the Webform module that are impacted will have their site updated to the 3.13.1 release tonight. This update points to a new CDN resource without the compromised library, which allows sites to continue to use the polyfill library safely.

Sites not impacted will be updated in the next scheduled release.

There is no further action for D10 SaaS projects. If you have any concerns, please raise a Service Desk ticket.

D10 PaaS customers will need to update their projects ASAP.


If you use the GovCMS D10 distribution:
- You should aim to apply this update to your distribution as soon as possible.
- Updated files will be available from https://github.com/govCMS/GovCMS/releases/tag/3.13.1
- If you manage your own distribution, this core release should have been assessed and addressed.
Posted Jun 26, 2024 - 19:36 AEST
This scheduled maintenance affected: GovCMS Projects (Individual websites).
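
The advice above notes that customers may have referenced the library at the theme layer. The following check is an added example, not GovCMS code: it scans a project tree for URLs whose host is polyfill.io or one of its subdomains. The file-suffix list, the function names and the sample theme files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches absolute and protocol-relative URLs whose host is polyfill.io or a
# subdomain of it (e.g. cdn.polyfill.io), but not look-alike hosts or paths.
POLYFILL_URL = re.compile(
    r"(?:https?:)?//((?:[a-z0-9-]+\.)*polyfill\.io)(?=[/:?#\"'\s)]|$)",
    re.IGNORECASE,
)
# File types where a Drupal theme or module usually declares external assets
# (assumed list; extend it for your own code base).
SCAN_SUFFIXES = {".yml", ".yaml", ".twig", ".html", ".js", ".php", ".theme", ".module", ".inc"}


def find_polyfill_refs(root):
    """Return sorted (relative_path, line_number, host) for every reference found."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in POLYFILL_URL.finditer(line):
                hits.append((path.relative_to(root).as_posix(), lineno, match.group(1).lower()))
    return sorted(hits)


def demo():
    """Scan a constructed theme tree (sample content, not real site files)."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "themes" / "custom" / "example_theme"
        (theme / "templates").mkdir(parents=True)
        (theme / "example_theme.libraries.yml").write_text(
            "global:\n  js:\n"
            "    https://cdn.polyfill.io/v3/polyfill.min.js?features=es6: { type: external }\n"
            "    js/site.js: {}\n"
        )
        (theme / "templates" / "html.html.twig").write_text(
            '<script src="//polyfill.io/v3/polyfill.min.js"></script>\n'
            '<script src="https://cdn.example.org/polyfill.io/shim.js"></script>\n'
        )
        return find_polyfill_refs(tmp)


if __name__ == "__main__":
    for rel_path, lineno, host in demo():
        print(f"{rel_path}:{lineno}: references {host}")
```

Run `find_polyfill_refs()` against the project root after applying the update; an empty result means none of the scanned files still points at the original CDN location.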