Drupal Vendor library security release came into effect on August 8th according to PSA . The Core update addresses the CKEditor cross-site scripting issue.
The New Drupal 9 has been empowered with a lot of new exciting features to keep your site more secure. Also included are improved visitor privacy protection