Drupal has released a new version that fixes three security vulnerabilities.
It is recommended that you update your Drupal application to the latest version, Drupal 8.2.7. You can follow our documentation to learn how to upgrade your application and ensure its security.
The vulnerabilities fixed in the latest version of Drupal are the following:
- Editor module incorrectly checks access to inline private files - Access Bypass - Critical - CVE-2017-6377
- Some admin paths were not protected with a CSRF token - Cross Site Request Forgery - Moderately Critical - CVE-2017-6379
- Remote code execution - Moderately Critical - CVE-2017-6381
For new application deployments, Bitnami has released Drupal 8.2.7 containers, installers, virtual machines and cloud images that address these vulnerabilities. If you deploy Bitnami Drupal via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami Drupal via one of our cloud partner marketplaces and it is not yet updated to version 8.2.7, you will need to upgrade your application using the documentation linked above.
If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, and we will be happy to help you.