Drupal has released security updates to address a critical vulnerability in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Advisory SA-CORE-2020-012, apply the necessary updates, and follow the additional recommendation.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.