Drupal Security Update - April 2022

Two security alerts for Drupal 9 have been released yesterday, April 20, 2022.

SA-CORE-2022-008 (moderately critical)

https://www.drupal.org/sa-core-2022-008

Basically it is a bug that allows to skip validation in Drupal forms. This means that it affects most Drupal websites, since most websites have some form accessible by users.

You should upgrade if you have a Drupal 9 or Drupal 8 (unsupported). This vulnerability does not affect Drupal 7 sites.

SA-CORE-2022-009 (moderately critical)

https://www.drupal.org/sa-core-2022-009

It only affects versions higher than Drupal 9.3, and is a bug in the implementation of an entity access API and its revisions.

Remember, the best way to keep your Drupal secure is to keep it up to date.

Have Any Project in Mind?

If you want to do something in Drupal maybe you can hire me.

Either for consulting, development or maintenance of Drupal websites.