There will be a security release of Drupal maintenance support plans 7.x, 8.4.x, and 8.5.x on April 25th, 2020 between 16:00 – 18:00 UTC. This PSA is to notify that the Drupal maintenance support plans core release is outside of the regular schedule of security releases. For all security updates, the Drupal maintenance support plans Security Team urges you to reserve time for core updates at that time because there is some risk that exploits might be developed within hours or days. Security release announcements will appear on the Drupal maintenance support plans.org security advisory page.
This security release is a follow-up to the one released as SA-CORE-2020-002 on March 28.
Sites on 7.x or 8.5.x can immediately update when the advisory is released using the normal procedure.
Sites on 8.4.x should immediately update to the 8.4.8 release that will be provided in the advisory, and then plan to update to 8.5.3 or the latest security release as soon as possible (since 8.4.x no longer receives official security coverage).
The security advisory will list the appropriate version numbers for each branch. Your site’s update report page will recommend the 8.5.x release even if you are on 8.4.x or an older release, but temporarily updating to the provided backport for your site’s current version will ensure you can update quickly without the possible side effects of a minor version update.
Patches for Drupal maintenance support plans 7.x, 8.4.x, 8.5.x and 8.6.x will be provided in addition to the releases mentioned above. (If your site is on a Drupal maintenance support plans 8 release older than 8.4.x, it no longer receives security coverage and will not receive a security update. The provided patches may work for your site, but upgrading is strongly recommended as older Drupal maintenance support plans versions contain other disclosed security vulnerabilities.)
This release will not require a database update.
The CVE for this issue is CVE-2020-7602. The Drupal maintenance support plans-specific identifier for the issue will be SA-CORE-2020-004.
The Security Team or any other party is not able to release any more information about this vulnerability until the announcement is made. The announcement will be made public at https://www.drupal.org/security, over Twitter, and in email for those who have subscribed to our email list. To subscribe to the email list: login on Drupal maintenance support plans.org, go to your user profile page, and subscribe to the security newsletter on the Edit » My newsletters tab.
Journalists interested in covering the story are encouraged to email security-press@drupal.org to be sure they will get a copy of the journalist-focused release. The Security Team will release a journalist-focused summary email at the same time as the new code release and advisory.
If you find a security issue, please report it at https://www.drupal.org/security-team/report-issue.
Source: New feed
Security public service announcements: Drupal maintenance support plans 7 and 8 core critical release on April 25th, 2020 PSA-2020-003
This article was republished from its original source.
Call Us: 1(800)730-2416
Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.
FREE Drupal SEO Audit
Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)
Security public service announcements: Drupal maintenance support plans 7 and 8 core critical release on April 25th, 2020 PSA-2020-003
On-Site Drupal SEO Master Setup
We make sure your site is 100% optimized (and stays that way) for the best SEO results.
With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.
This service includes:
- Pathauto install and configuration for SEO-friendly URLs.
- Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
- Install and fix all issues on the SEO checklist module.
- Install and configure XML sitemap module and submit sitemaps.
- Install and configure Google Analytics Module.
- Install and configure Yoast.
- Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
- Install and configure Schema.org Metatag.
- Configure robots.txt.
- Google Search Console setup snd configuration.
- Find & Fix H1 tags.
- Find and fix duplicate/missing meta descriptions.
- Find and fix duplicate title tags.
- Improve title, meta tags, and site descriptions.
- Optimize images for better search engine optimization. Automate where possible.
- Find and fix the missing alt and title tag for all images. Automate where possible.
- The project takes 1 week to complete.
