In response to a recent critical security advisory issued by Drupal.org. GovCMS updated the Drupal 7 (D7), Drupal 8 (D8) and Drupal 9 (D9) distributions on 22 April 2021
GovCMS assessed this risk as it applied to ALL distributions. Subsequently the security risk remained critical. No outages are expected to websites during the deployment process.
What is included in the update?D7: 7.x-1.20
Drupal core from 7.78 to 7.80D8: 8.x-1.16
Drupal core from 8.9.13 to 8.9.14D9: 2.0.0-beta3
Drupal core from 9.1.6 to 9.1.7
Drupal core's sanitisation API fails to properly filter cross-site scripting under certain circumstances.
Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.
When is deployments to projects
Deployments will be conducted throughout the daytime and into the evening from the date below: D7: 7.x-1.20
28 April 2021D8: 8.x-1.16
29 April 2021D9: 2.0.0-beta3
What does the update remove from these distribution?
Nothing will be removed from ANY of the distributions in this update.
What support will be provided after these update?
The GovCMS D7, D8 and D9 distributions will continue to be supported after this update.
What actions must my organisation do now?PaaS customers
Review the detailed information about this update.
If you manage your own distribution: this critical issue should have been assessed and addressed within 7 days of the original notification.
If you use the GovCMS D7, D8 or D9
distribution. You should aim to apply this update to your distribution as soon as possible.
Updated files were release on 22 April and are available from: Drupal 7
Drupal.org: https://www.drupal.org/project/govcms/releases/7.x-3.20 Github.comhttps://github.com/govCMS/GovCMS7/releases/tag/7.x-3.20 Drupal 8
Drupal.org: https://www.drupal.org/project/govcms8/releases/8.x-1.16 Github.comhttps://github.com/govCMS/GovCMS8/releases/tag/1.16.0 Drupal 9
Github.comhttps://github.com/govCMS/GovCMS/releases/tag/2.0.0-beta3 SaaS customersAll
customers will need to check their site after the deployment to ensure there aren’t any issues.
If you have any concerns, raise a ticket at https://www.govcms.support
For information on updates to the GovCMS platform, subscribe to https://status.govcms.support/