SA-CORE-2018-004

An article from ComputerMinds - Building with Drupal in the UK since 2005
26th Apr 2018

Ross Bale

Developer
Hey, you seem to look at this article a lot! Why not Bookmark this article so you can find it easily in the future?

As with every other Drupal agency on the planet, it was another fun evening of frantic patching of client sites last night due to the release of the highly critical SA-CORE-2018-004 security update for Drupal, released on 25/04/2018.

Being so closely related to SA-CORE-2018-002 and knowing proven exploits for that were already affecting thousands of un-patched Drupal sites, time was of the essence for this one as a new exploit was sure to be released in a matter of hours.

Our crack team of developers who stayed late especially had all of our clients' production and testing sites patched within a couple of hours - good work team!

Once we had finished that, shortly after the announcement of SA-CORE-2018-004 there was also a highly critical Remote code execution security update (SA-CONTRIB-2018-020) released for the popular Media contrib module. About half our websites use this module, and most of these were on versions that were marked as vulnerable to the exploit. With a bit of patching and quick-fire testing, these sites were secured in a timely fashion as well.

Hopefully, this is it for highly critical Drupal core security updates for a while... people might start to think bad things about our beloved Drupal!

Published in

Hi, thanks for reading

ComputerMinds are the UK’s Drupal specialists with offices in Bristol and Coventry. We offer a range of Drupal services including Consultancy, Development, Training and Support. Whatever your Drupal problem, we can help.