Drupal has again warned against a patch for a critical leak in version 7 and 8 of its content management system. It will be out of normal update planning on 25 April. Where Drupal spoke at the earlier leak of highly critical it uses here critical .
The release will take place on 25 April. between 16:00 and 18:00 UTC, which means 18:00 and 20:00 local time. The update comes out for versions 7.x, 8.4.x and 8.5.x, where users of the first and last release can update in a normal way. The team recommends users of version 8.4.x to first update to 8.4.8 and then later to a supported version such as 8.5.3. At the stated time, the Drupal team wants to make more information available on its security page . No database update would be required.
In the previous leak, the team also warned that exploits would be developed, which then also happened. Although this took a little longer than expected. The team warned on April 13 for ‘automated attacks’ on unpatched Drupal versions. Subsequently warned a security company a week ago that variants of the Tsunami botnet were targeting unpatched sites.