Drupal Core update
- from 8.9.13 to 8.9.14
Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.
See: https://www.drupal.org/sa-core-2021-002
Comments
It addresses a recent critical security advisory issued by Drupal.org. GovCMS assessed this risk as it applied to D8 distribution.
Deployment is scheduled from 28 April 2021 and will be conducted throughout the daytime and into the evening. No outages are expected to websites during the deployment process.
The GovCMS D8 distribution will continue to be supported after this update.
Modules deprecated/removed
- n/a
More information
If you have any concerns, raise a ticket at https://www.govcms.support, alternatively subscribe to https://status.govcms.support/ for information on updates to the GovCMS platform