<div dir="ltr">Do we keep website snapshots of the KWLUG? I imagine we must but I just want to ask.</div><br><div class="gmail_quote"><div dir="ltr">On Thu, May 3, 2018 at 11:24 AM Khalid Baheyeldin <<a href="mailto:kb@2bits.com">kb@2bits.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">That last one was weaponized within hours. <br><br><a href="https://www.bleepingcomputer.com/news/security/hackers-dont-give-site-owners-time-to-patch-start-exploiting-new-drupal-flaw-within-hours/" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-dont-give-site-owners-time-to-patch-start-exploiting-new-drupal-flaw-within-hours/</a><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 23, 2018 at 3:29 PM, Khalid Baheyeldin <span dir="ltr"><<a href="mailto:kb@2bits.com" target="_blank">kb@2bits.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Another security release in two days between 12:00 and 14:00 (EDT).<br>
<br>
If you have a Drupal site, be prepared to apply it as soon as it comes out.<br>
<span class="m_-5232884728212622370im m_-5232884728212622370HOEnZb"><br>
<br>
---------- Forwarded message ----------<br>
From: <<a href="mailto:security-news@drupal.org" target="_blank">security-news@drupal.org</a>><br>
Date: Mon, Apr 23, 2018 at 1:09 PM<br>
Subject: [Security-news] Drupal 7 and 8 core critical release on April<br>
25th, 2018 PSA-2018-003<br>
To: <a href="mailto:security-news@drupal.org" target="_blank">security-news@drupal.org</a><br>
<br>
<br>
</span><div class="m_-5232884728212622370HOEnZb"><div class="m_-5232884728212622370h5">View online: <a href="https://www.drupal.org/psa-2018-003" rel="noreferrer" target="_blank">https://www.drupal.org/psa-2018-003</a><br>
<br>
There will be a security release of * Drupal 7.x, 8.4.x, and 8.5.x on April<br>
25th, 2018 between 16:00 - 18:00 UTC*. This PSA is to notify that the Drupal<br>
core release is outside of the regular schedule [1] of security releases. For<br>
all security updates, the Drupal Security Team urges you to reserve time for<br>
core updates at that time because there is some risk that exploits might be<br>
developed within hours or days. Security release announcements will appear on<br>
the Drupal.org security advisory page.<br>
<br>
This security release is a follow-up to the one released as SA-CORE-2018-002<br>
[2] on March 28.<br>
<br>
* Sites on 7.x or 8.5.x can immediately update when the advisory isreleased<br>
using the normal procedure.<br>
* Sites on 8.4.x should immediately update to the 8.4.8 release that willbe<br>
provided in the advisory, and then plan to update to 8.5.3 or the latest<br>
security release as soon as possible (since 8.4.x no longer receives<br>
official security coverage).<br>
<br>
The security advisory will list the appropriate version numbers for each<br>
branch. Your site's update report page will recommend the 8.5.x release even<br>
if you are on 8.4.x or an older release, but temporarily updating to the<br>
provided backport for your site's current version will ensure you can update<br>
quickly without the possible side effects of a minor version update.<br>
<br>
Patches for Drupal 7.x, 8.4.x, 8.5.x and 8.6.x will be provided in addition<br>
to the releases mentioned above. (If your site is on a Drupal 8 release older<br>
than 8.4.x, it no longer receives security coverage and will not receive a<br>
security update. The provided patches may work for your site, but upgrading<br>
is strongly recommended as older Drupal versions contain other disclosed<br>
security vulnerabilities.)<br>
<br>
This release will not require a database update.<br>
<br>
The CVE for this issue is CVE-2018-7602. The Drupal-specific identifier for<br>
the issue will be SA-CORE-2018-004.<br>
<br>
The Security Team or any other party is not able to release any more<br>
information about this vulnerability until the announcement is made. The<br>
announcement will be made public at <a href="https://www.drupal.org/security" rel="noreferrer" target="_blank">https://www.drupal.org/security</a>, over<br>
Twitter, and in email for those who have subscribed to our email list. To<br>
subscribe to the email list: login on Drupal.org, go to your user profile<br>
page, and subscribe to the security newsletter on the Edit » My newsletters<br>
tab.<br>
<br>
Journalists interested in covering the story are encouraged to email<br>
<a href="mailto:security-press@drupal.org" target="_blank">security-press@drupal.org</a> to be sure they will get a copy of the<br>
journalist-focused release. The Security Team will release a<br>
journalist-focused summary email at the same time as the new code release and<br>
advisory.<br>
If you find a security issue, please report it at<br>
<a href="https://www.drupal.org/security-team/report-issue" rel="noreferrer" target="_blank">https://www.drupal.org/security-team/report-issue</a>.<br>
<br>
<br>
[1] <a href="https://www.drupal.org/node/1173280" rel="noreferrer" target="_blank">https://www.drupal.org/node/1173280</a><br>
[2] <a href="https://www.drupal.org/sa-core-2018-002" rel="noreferrer" target="_blank">https://www.drupal.org/sa-core-2018-002</a><br>
<br>
_______________________________________________<br>
Security-news mailing list<br>
<a href="mailto:Security-news@drupal.org" target="_blank">Security-news@drupal.org</a><br>
Unsubscribe at <a href="https://lists.drupal.org/mailman/listinfo/security-news" rel="noreferrer" target="_blank">https://lists.drupal.org/mailman/listinfo/security-news</a><br>
<br>
<br>
</div></div><div class="m_-5232884728212622370HOEnZb"><div class="m_-5232884728212622370h5">-- <br>
Khalid M. Baheyeldin<br>
<a href="http://2bits.com" rel="noreferrer" target="_blank">2bits.com</a>, Inc.<br>
Fast Reliable Drupal<br>
Drupal optimization, development, customization and consulting.<br>
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>
Simplicity is the ultimate sophistication. -- anonymous<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="m_-5232884728212622370gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Khalid M. Baheyeldin<br><a href="http://2bits.com" target="_blank">2bits.com</a>, Inc.<br>Fast Reliable Drupal<br>Drupal optimization, development, customization and consulting.<br>Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>Simplicity is the ultimate sophistication. -- anonymous<br><br></div></div></div>
</div>
_______________________________________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
</blockquote></div>