This module is not enabled by default in the Bitnami Drupal application. If you do not use the RESTful Web Services module, you do not need to take any action.
If you have the RESTful Web Services module enabled, your Drupal application is affected if all of the following conditions are met:
- The version of the application is prior to 8.3.1 (Drupal 7.x is not affected).
- The site allows PATCH requests.
- An attacker can get or register a user account on the site.
For new application deployments, Bitnami has released Drupal 8.3.1 containers, installers, virtual machines and cloud images that address this vulnerability. If you deploy Bitnami Drupal via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami Drupal via one of our cloud partner marketplaces and it is not yet updated to version 8.3.1, you will need to upgrade your application using the documentation linked above.
If you have further questions about Bitnami Drupal or this security issue, please post to our community forums, and we will be happy to help you.