Earlier this week, it was announced that a significant security vulnerability in the Drupal content management system will be made public on March 28th, 2018.
While no additional details are available at this time, it is expected this issue will impact all currently deployed versions of Drupal.
Drupal is a widely deployed technology at MIT, and Information Systems & Technology (IS&T) is taking steps to prepare for the release of additional information about this issue:
- Web sites deployed via IS&T's Drupal Cloud service will be patched to address this vulnerability on March 28th; no additional action is required on the part of Drupal Cloud site administrators.
- Drupal sites hosted via IS&T's managed server hosting will likewise be secured against this vulnerability. Configuration for these sites is more diverse than Drupal Cloud, and IS&T will reach out to hosting customers to discuss specifics as additional details become available.
For Drupal sites at MIT not managed by IS&T or those hosted externally, we strongly recommend following up with your support provider to discuss options for securing your site once patches are available. Maintainers of Drupal sites not hosted by IS&T should plan to dedicate time on March 28th for patching and testing their site, and may wish to ensure prior to that time that the site is up to date on Drupal core patches.
If you have any questions or require assistance, contact the IS&T Service Desk.