Drupal Security Release (8.3.7)

Web hosting platform, Drupal, have issued a maintenance release of their software that patches a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7 as soon as possible.

The release patches a number of security vulnerabilities:

  • Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923
  • REST API can bypass comment approval – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6924
  • Entity access bypass for entities that do not have UUIDs or have protected revisions – Access Bypass – Critical – Drupal 8 – CVE-2017-6925

More detail can be found in the security advisory and release notes.