Drupal warns of serious security vulnerability in Drupal 7 and 8
Drupal’s security team is warning CMS administrators that it will disclose details of a serious vulnerability on March 28. The team believes exploits could appear within hours or days.
This is a serious vulnerability in Drupal versions 7.x, 8.3.x, 8.4.x and 8.5.x, which will be announced next Wednesday between 6:00 PM and 6:30 PM via the Drupal security page. The security team recommends that administrators allow time at that point to make updates, as exploits could potentially appear within hours or days.
The vulnerability is severe enough to release updates specifically for 8.3.x and 8.4.x releases, although the security team doesn’t actually support these types of minor releases, even with security updates. While the team is making an exception this time around, it recommends that administrators move to the 8.5.x release sometime in the month after the security updates are implemented.