Drupal, a very popular content management system was recently updated to resolve a highly critical security vulnerability that impacted current and previous versions. It is a remote code execution vulnerability within multiple subsystems of Drupal 8.x, 7.x and 6.
If you’re running websites powered by Drupal, you’re highly encourage to upgrade to the latest version (8.5.1) or patch your sites to resolve this highly critical security bug.
Drupal 8.5.1 is the most current and should have these vulnerabilities resolved with it. If you’re not running Drupal 8.5.1, you should upgrade immediately.
For more about this highly critical security bug, please read this page.
These are snippets of who could gain access what may be done once accessed is gained.
- All and anyone can exploit this vulnerability
- All public and non-public data is accessible to the attacker via this bug.
- All Drupal data can be modified or deleted by the attacker
So, this is pretty serious stuff. you should definitely upgrade to the latest version of Drupal if you’re not currently on version 8.5.1
We’ve also written great tutorials for students and new users on installing and updating Drupal. Below are few of our tutorial you can use to install on Ubuntu servers.
Drupal with Apache2, PHP 7.2 Support
If you want to learn how to install Drupal with Apache2, PHP 7.2 support on Ubuntu, the tutorial below is a great place to start.
Drupal with Nginx, PHP 7.2 on Ubuntu
For webmaster who prefer Nginx webserver, the tutorial below shows students and new users how to install Drupal on Ubuntu with Nginx and PHP 7.2 support.
If you can’t afford to upgrade by want to just install the patch to fix the security vulnerability, you must manually install the patch file. or use Git to do it. It’s a pretty tedious process and you should be comfortable with the command line.
Some good links to help you patch Drupal are below:
This issue also affects Drupal 8.2.x and earlier, which are no longer supported. If you are running any of these versions of Drupal 8, update to a more recent release and then follow the instructions above.
This issue also affects Drupal 6. Drupal 6 is End of Life
You may also like the post below: