Drupal Security Team has announced a moderately critical security advisory for both Drupal 7 & 8 cores today on May 8, 2019 with the following details:
Project: Drupal core
Date: 2019-May-08
Security risk: Moderately critical 14∕25
Vulnerability: Third-party librariesjQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.
As you might know we first announced the launch of our new AltaGrade website and the new hosting platform back on November, 2018. Since then we've been accepting new orders on and migrating Drupion customers who wanted immediate upgrades to the new system.
The Drupal security team has announced the discovery of a highly critical remote code execution vulnerability and the release of the latest version of Drupal 8 to patch the critical vulnerability which could allow remote attackers to hack Drupal sites.
As a Drupal-oriented company we - AltaGrade team - are happy to be celebrating Drupal's eighteenth birthday and sharing the joy of the founder, Dries Buytaert:
Eighteen years ago today, I released Drupal 1.0.0. What started from humble beginnings has grown into one of the largest Open Source communities in the world. Today, Drupal exists because of its people and the collective effort of thousands of community members. Thank you to everyone who has been and continues to contribute to Drupal.
