[kwlug-disc] OT? Significant Drupal patch today
Khalid Baheyeldin
kb at 2bits.com
Wed May 20 14:28:39 EDT 2026
The fix is out.
It is in the database abstraction layer, SQL injection, and can be
exploited by anonymous users (non logged in users in Drupal's lingo).
Affects PostgreSQL mainly.
(Side note: I've only encountered a single Drupal site running PostgreSQL
in the past 20 years).
But there are also upstream fixes to Symfony ...etc., so the fix must be
applied regardless.
https://www.drupal.org/sa-core-2026-004
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20260520/374d9cdb/attachment.htm>
More information about the kwlug-disc
mailing list