Web hosting platform, Drupal, have issued a maintenance release of their software that patches a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7 as soon as possible.
The release patches a number of security vulnerabilities:
- Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923
- REST API can bypass comment approval – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6924
- Entity access bypass for entities that do not have UUIDs or have protected revisions – Access Bypass – Critical – Drupal 8 – CVE-2017-6925