Drupal Security Update - April 2022
Two security alerts for Drupal 9 have been released yesterday, April 20, 2022.
SA-CORE-2022-008 (moderately critical)
Basically it is a bug that allows to skip validation in Drupal forms. This means that it affects most Drupal websites, since most websites have some form accessible by users.
You should upgrade if you have a Drupal 9 or Drupal 8 (unsupported). This vulnerability does not affect Drupal 7 sites.
SA-CORE-2022-009 (moderately critical)
It only affects versions higher than Drupal 9.3, and is a bug in the implementation of an entity access API and its revisions.
Remember, the best way to keep your Drupal secure is to keep it up to date.