Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Apr 28, 2021 - 08:00 AEST
Scheduled
In response to a recent critical security advisory issued by Drupal.org. GovCMS updated the Drupal 7 (D7), Drupal 8 (D8) and Drupal 9 (D9) distributions on 22 April 2021.
GovCMS assessed this risk as it applied to ALL distributions. Subsequently the security risk remained critical.
No outages are expected to websites during the deployment process.
What is included in the update?
D7: 7.x-1.20 Drupal core from 7.78 to 7.80 D8: 8.x-1.16 Drupal core from 8.9.13 to 8.9.14 D9: 2.0.0-beta3 Drupal core from 9.1.6 to 9.1.7
Description
Drupal core's sanitisation API fails to properly filter cross-site scripting under certain circumstances.
Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.