Drupal 8 & 9 Core Security Release of Aug 12th, 2021 To Curtail Scripting Vulnerability
A Drupal third-party vendor library update took effect on August 8th as a security release, according to a Public Sector Announcement (PSA). The update to Drupal Core addresses the CKEditor cross-site scripting vulnerability. Cross-site scripting (XSS) is a security vulnerability in web applications where attackers try to inject scripts into web pages by bypassing access controls. The security risk of this release is rated “moderately critical”.
Because it was not part of a planned Drupal security release, it was not updated in Drupal Steward. This security update is for users of Drupal versions 9.2.4, 8.9.18 and 7.82. Drupal.org recommends that administrators of these sites that use the CKEditor third-party library upgrade immediately.
According to statistics, as of August 8th, 2021, the number of sites using these releases is as follows:

| Version Release | Count |
| --- | --- |
| Drupal 9.2.4 | 11,639 |
| Drupal 9.1.12 | 423 |
| Drupal 8.9.18 | 17,596 |
| Drupal 7.82 | 110,540 |

For Drupal 8 and 9 versions prior to 8.9.x and 9.1.x respectively, there are no security updates as these versions have already reached End of Life.
