The Drupal project is issuing an emergency core security update for all supported branches on May 20, between 5 and 9 p.m. UTC, due to a critical vulnerability. The Drupal Security Team has issued an advisory urging site administrators to reserve time for updates, warning that exploits could be developed within hours or days of the release, with further coverage provided by Security Affairs.While the specific type of vulnerability has not been disclosed, the urgency of the advisory suggests a serious flaw with a potentially short window between patch release and active exploitation. Drupal powers a significant portion of the web, including government sites, universities, and enterprise portals. Patches will be available for supported branches: 11.3.x, 11.2.x, 10.6.x, and 10.5.x. Best-effort patches will also be provided for end-of-life minor versions 11.1.x and 10.4.x.Organizations running unsupported Drupal 8 and 9 versions are strongly advised to upgrade to at least Drupal 10.6 soon, as these older versions contain numerous unaddressed security vulnerabilities and will not receive updates for this critical flaw.Source: Security Affairs
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds