[IS&T Security-FYI] Upcoming Drupal security announcement
Garry P Zacheiss
zacheiss at mit.edu
Fri Mar 23 13:07:50 EDT 2018
Good afternoon,
Earlier this week, it was announced that a significant security vulnerability in the Drupal content management system will be made public on March 28th, 2018:
https://www.drupal.org/psa-2018-001
While no additional details are available at this time, it is expected this issue will impact all currently deployed versions of Drupal.
Drupal is a widely deployed technology at MIT, and Information Systems & Technology (IS&T) is taking steps to prepare for the release of additional information about this issue:
- Web sites deployed via IS&T's Drupal Cloud service will be patched to address this vulnerability on March 28th; no additional action is required on the part of Drupal Cloud site administrators.
- Drupal sites hosted via IS&T's managed server hosting will likewise be secured against this vulnerability. Configuration for these sites is more diverse than Drupal Cloud, and IS&T will reach out to hosting customers to discuss specifics as additional details become available.
For Drupal sites at MIT not managed by IS&T or those hosted externally, we strongly recommend following up with your support provider to discuss options for securing your site once patches are available. Maintainers of Drupal sites not hosted by IS&T should plan to dedicate time on March 28th for patching and testing their site, and may wish to ensure prior to that time that the site is up to date on Drupal core patches.
If you have any questions or require assistance, please contact the IS&T Service Desk<mailto:servicedesk at mit.edu>.
Sincerely,
Garry
Garry Zacheiss
Director, Platform & Systems Integration
MIT Information Systems & Technology
zacheiss at mit.edu<mailto:zacheiss at mit.edu> // +1 617 253 7675
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20180323/b1b5ab91/attachment.html
More information about the ist-security-fyi
mailing list