Drupal Security Update - April 2022

21 Apr 2022

Two security alerts for Drupal 9 have been released yesterday, April 20, 2022.

SA-CORE-2022-008 (moderately critical)

https://www.drupal.org/sa-core-2022-008

Basically it is a bug that allows to skip validation in Drupal forms. This means that it affects most Drupal websites, since most websites have some form accessible by users.

You should upgrade if you have a Drupal 9 or Drupal 8 (unsupported). This vulnerability does not affect Drupal 7 sites.

SA-CORE-2022-009 (moderately critical)

https://www.drupal.org/sa-core-2022-009

It only affects versions higher than Drupal 9.3, and is a bug in the implementation of an entity access API and its revisions.

Remember, the best way to keep your Drupal secure is to keep it up to date.

Need a Drupal Expert?

Senior Drupal developer, freelance, specialized in what's hardest: migrations, multilingual sites, SaaS platforms and Stripe integration. I leverage AI to cut delivery times and costs, with expert review on every line of code.

No agency, no middlemen. Direct contact with the one who does the work.

TELL ME ABOUT YOUR PROJECT

Drupal Security Update - April 2022

SA-CORE-2022-008 (moderately critical)

SA-CORE-2022-009 (moderately critical)

Deleting Drupal fields with large MySQL tables

The Correct Way to Redirect a User After Login in Drupal

Need a Drupal Expert?

Drupal Security Update - April 2022

SA-CORE-2022-008 (moderately critical)

SA-CORE-2022-009 (moderately critical)

Related posts

Deleting Drupal fields with large MySQL tables

The Correct Way to Redirect a User After Login in Drupal

Need a Drupal Expert?