Highly critical Drupal code security alert

The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.”

The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe enough that patches have been released for some unsupported versions.

If you’re running Drupal for your website you are strongly urged to upgrade or patch your release. More information can be found here and there’s also an FAQ.