Thursday, August 17, 2017

Security Release: Drupal 8.3.7

Drupal has released a new version that fixes three security vulnerabilities. These vulnerabilities affect Drupal versions prior to 8.3.7.

The vulnerabilities fixed in the latest version of Drupal (8.3.7) are the following:
  • Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - CVE-2017-6925
  • Views - Access Bypass - Moderately Critical - CVE-2017-6923
  • REST API can bypass comment approval - Access Bypass - Moderately Critical - CVE-2017-6924

We recommend that you update your Drupal application to Drupal 8.3.7. You can follow our documentation to learn how to upgrade your application and ensure its security.

For new application deployments, including the Bitnami Launchpad, we have released Drupal 8.3.7 containers, installers, virtual machines and cloud images that include the security fixes for these vulnerabilities. If you deploy Bitnami Drupal via one of our cloud partner marketplaces and it is not yet updated to version 8.3.7, you will need to upgrade your application using our documentation.

If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, and we will be happy to help you.