Drupal 8 & 9 Core Security Release of Aug 12th, 2021 To Curtail Scripting Vulnerability

A Drupal third-party vendor library update came into effect on August 8th as a security release, according to a Public Sector Announcement (PSA). The update in Drupal Core addresses a cross-site scripting vulnerability in CKEditor. Cross-site scripting (XSS) is a security vulnerability in web applications where attackers inject scripts into web pages viewed by other users, bypassing access controls. The security risk of this release is rated “moderately critical”.

Because it was not part of a planned Drupal security release, it was not updated in Drupal Steward. This security update is for users of Drupal 9.2.4, Drupal 8.9.18 and Drupal 7.82. Drupal.org recommends that administrators of sites using the CKEditor third-party library upgrade immediately.

According to statistics, as of August 8th, 2021, the number of sites using these releases is as follows:

Drupal Version Release Count

| Version | Release Count |
|---|---|
| Drupal 9.2.4 | 11,639 |
| Drupal 9.1.12 | 423 |
| Drupal 8.9.18 | 17,596 |
| Drupal 7.82 | 110,540 |

For Drupal 8 and 9 versions prior to 8.9.x and 9.1.x respectively, there are no security updates as these versions have already reached End of Life.
