Skip to main content
Submitted by backend on Mon, 04/02/2018 - 23:30

Recently there was a major security update for drupal that involved many sites across the internet. A noted flaw was found in the system which allowed potential hackers to hijack a website running the Drupal CMS.

The following is a statement issued from the Drupal security team:

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. The security team has written an FAQ about this issue. Solution: Upgrade to the most recent version of Drupal 7 or 8 core. If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.) If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.) Drupal 8.3.x and 8.4.x are no longer supported and we don't normally provide security releases for unsupported minor releases. However, given the potential severity of this issue, we are providing 8.3.x and 8.4.x releases that includes the fix for sites which have not yet had a chance to update to 8.5.0. Your site's update report page will recommend the 8.5.x release even if you are on 8.3.x or 8.4.x. Please take the time to update to a supported version after installing this security update. If you are running 8.3.x, upgrade to Drupal 8.3.9 or apply this patch. If you are running 8.4.x, upgrade to Drupal 8.4.6 or apply this patch. This issue also affects Drupal 8.2.x and earlier, which are no longer supported. If you are running any of these versions of Drupal 8, update to a more recent release and then follow the instructions above. This issue also affects Drupal 6. Drupal 6 is End of Life. For more information on Drupal 6 support please contact a D6LTS vendor.

All measures have been taken on our end and every single website hosted on DPG has been updated with the latest security release. And no website has any indication of being attacked or exploited. We take these kinds of issues very seriously and wasted no time updated all our client's websites.

We will continue to monitor the situation and do our best to protect our client's from any future threats.

If you have an questions about our security policies and procedures, feel free to contact us and we will gladly answer any of your questions.

Thank you