back to article Running Drupal? You need to patch, patch, patch right now!

Anyone running a website built with Drupal should stop whatever they are doing right now and install critical security patches. The organization behind the open-source software today put out an urgent security patch to address a remote code execution vulnerability in "multiple subsystems" of its content management system …

  1. wsm

    As patches go, not bad, considering

    Considering the raft of bad updates from major players, like MS and Apple, the Drupal update was well announced, delivered on time and easily installed.

    And it didn't break anything!!! Nothing to complain about here.

    1. macjules Silver badge
      Meh

      Re: As patches go, not bad, considering

      +120 sites so far with differing versions (7.58 through 8.39 and 8.46 to 8.51). 4 breaks so far from legacy bad Jquery (is there good Jquery?) and just started hitting the Red Bull as the sun comes up.

      Oh, and my Jenkins server just went down ...

  2. aitala

    Drupal 6 patch

    The Drupal 6 patch is available from the LTS Drupal sites. It was made available minutes after the D7 and D8 patches.

    Just search for Drupal 6 LTS on Drupal's website.

    Eric

  3. Anonymous Coward
    Anonymous Coward

    erm patch for D6 I don't think is right

    this patch https://cgit.drupalcode.org/d6lts/tree/common/core/SA-CORE-2018-001.patch?id=ac652689712d9a56a62d25587b6ffd6b5884e392 was issued in Feb and lists SA-Core-2018-001.patch issue is to do with SA-Core-2018-002.patch - doesn't seem to be available!. the D6 patch can't be the one as far as I can tell...

    1. diodesign (Written by Reg staff) Silver badge

      Re: erm patch for D6 I don't think is right

      I absolutely hate this. Absolutely hate it. People are freaking out about Drupal 6, when the security team officially supports 7 and 8. I'm seeing all sorts of links to weird pages claiming they have patches for D6. I absolutely hate the idea of sending people to unofficial security fixes. The damage possible is obvious.

      I think I've got the patch link right now. Should be this one https://www.drupal.org/node/2955130

      Use entirely at your own risk.

      C.

  4. pdjohnson

    For official information about Drupal 6 End of Life and Long Term Support please see the announcement here: https://www.drupal.org/about/drupal6-eol

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022