Software Update: Drupal 7.72 / 8.8.8 /8.9.1 / 9.0.1
Updates to versions 7, 8.8, 8.9, and 9.0 of Drupal have been released to address a security vulnerability identified as critical. Drupal is a PHP-written, user-friendly and powerful content management platform, with which, for example, websites can be created. It’s simple enough for a novice user, but powerful enough to build a more complex website as well. The program includes a content management platform and a development framework. Information about the security issue can be found below.
Drupal core – Critical – Cross Site Request Forgery – SA-CORE-2020-004
Project: Drupal core
Date: 2020-June-17
security risk: Critical 15∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13663
Description: The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Solution:
- If you are using Drupal 7.x, upgrade to Drupal 7.72.
- If you are using Drupal 8.8.x, upgrade to Drupal 8.8.8.
- If you are using Drupal 8.9.x, upgrade to Drupal 8.9.1.
- If you are using Drupal 9.0.x, upgrade to Drupal 9.0.1.
Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage. Sites on 8.7.x or earlier should update to 8.8.8.
| Version number | 7.72 / 8.8.8 /8.9.1 / 9.0.1 |
| Release status | Final |
| Operating systems | Windows 7 |
| Website | Drupal |
| Download | https://ftp.drupal.org/files/projects/drupal-9.0.1.tar.gz |
| License type | GPL |