Mar 28, 2018 | Atlanta, GA
On Mar 28, 2018, Drupal will be releasing a critical security patch for Drupal versions 7 and 8 between 2:00PM and 3:30PM EST.
The exact details of the vulnerability are unknown at this time, but it is believed to be remotely exploitable. Cyber Security team recommends immediate patching upon release for all Drupal instances as exploits might be developed within hours or days.
Please see the link below for additional patch details: https://www.drupal.org/psa-2018-001
We advise you to patch your site as soon as possible. Cyber Security will be evaluating the vulnerability once more information is released today and take additional action.
Site is in Installatron typically patch within 72 hours. Though, please be prepared to manually patch if Cyber Security deems this to be a very critical update. We will post any instructions we receive here on how to manually update sites in Installatron: https://faq.oit.gatech.edu/content/how-update-your-site-drupal-7-and-8-core-highly-critical-release-psa-2018-001
The Drupal User Community is available for help. You can join the Microsoft Teams instance ( https://drupal.gatech.edu/about-us/ms-team ) and join the #Support room.
We request that your site is patched by Thursday. If you are unable to make this deadline, please let us know by submitting a request at: https://hosting.gatech.edu/request/help
Sites that are not patched by Thursday will have their traffic restricted to campus-only. Sites without owners or admins will be restricted to campus and decomissioned after 30 days if an owner and admin is not identified.
Note that Drupal version 6 has reached End of Life and all security patches and announcements have been halted. It is suspected the vulnerability will be exploitable in all versions, therefore; all Drupal 6 users should immediately upgrade to version 7 or 8.
Thank you for your attention to this matter.