As with every other Drupal agency on the planet, it was another fun evening of frantic patching of client sites last night due to the release of the highly critical SA-CORE-2018-004 security update for Drupal, released on 25/04/2018.
Being so closely related to SA-CORE-2018-002 and knowing proven exploits for that were already affecting thousands of un-patched Drupal sites, time was of the essence for this one as a new exploit was sure to be released in a matter of hours.
Our crack team of developers who stayed late especially had all of our clients' production and testing sites patched within a couple of hours - good work team!
Once we had finished that, shortly after the announcement of SA-CORE-2018-004 there was also a highly critical Remote code execution security update (SA-CONTRIB-2018-020) released for the popular Media contrib module. About half our websites use this module, and most of these were on versions that were marked as vulnerable to the exploit. With a bit of patching and quick-fire testing, these sites were secured in a timely fashion as well.
Hopefully, this is it for highly critical Drupal core security updates for a while... people might start to think bad things about our beloved Drupal!