In March 2018, Drupal developers announced a critical vulnerability (remote exploit) in the core Drupal software that required immediate patching, and we fixed that on all sites on our servers, and we announced that here Drupal Vulnerability Patch on All Servers.

On April 25, the Drupal developers announced a newly-discovered vulnerability, that also required immediate patching:

To secure as much Drupal sites on our servers as possible, our system administrators took the following actions:

1. Executed the patches from the announcement above for all Drupal 7.4+ and Drupal 8 installations on our servers.
2. Executed the patches for Drupal 6 from the Drupal LTS.

Drupal patches were run in a “best effort” way, which does not guarantee that all installations were patched successfully, but the vast majority of sites are secured.

To all Drupal 6 and Drupal 7 (prior to 7.40) users:

We strongly advise you to update your Drupal installations to an officially supported version (7.59 or 8.5.3), as older versions are vulnerable and present a security risk for your hosting account. Additionally, such vulnerable installations could be blocked at any time.

Leave a Reply

Your email address will not be published. Required fields are marked *