Tuesday, April 18, 2017

Drupal Security Issue SA-CONTRIB-2017-38

A new critical security vulnerability in the References module has been discovered by Drupal's core security team as SA-CONTRIB-2017-38. Although this module is no longer maintained, it is currently used within over 120,000 installations.

If you use the References module, it is advised to uninstall it. In order to maintain equivalent functionality, it is recommended to try the Entity Reference module. If you do not use the References module, you do not need to take any action.

The References module is only supported by Drupal 7.x versions. The Bitnami Drupal stack does not include the References module by default.  Therefore, it is not affected by this issue.

If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, and we will be happy to help you.