Original release date: November 19, 2020<br/><p>Drupal has released security updates to address a critical vulnerability in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.</p>
<p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Advisory <a href=”https://www.drupal.org/sa-core-2020-012″>SA-CORE-2020-012</a>, apply the necessary updates, and follow the additional recommendation.</p>
<div class=”field field–name-body field–type-text-with-summary field–label-hidden field–item”><p class=”privacy-and-terms”>This product is provided subject to this <a href=”https://us-cert.cisa.gov/privacy/notification”>Notification</a> and this <a href=”https://www.dhs.gov/privacy-policy”>Privacy & Use</a> policy.</p>
</div>