A visit to install.php
can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.
Install the latest version:
- If you are using Drupal 8.7.x, upgrade to Drupal 8.7.11.
- If you are using Drupal 8.8.x, upgrade to Drupal 8.8.1.
Versions of Drupal 8 prior to 8.7.x are end-of-life and do not receive security coverage.
To mitigate this issue in any version of Drupal 8, you can also block access to install.php
if it's not required.
Additional information
All advisories released today:
Updating to the latest Drupal core release will apply the fixes for all the above advisories.
- Drew Webber of the Drupal Security Team
- Drew Webber of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Heine of the Drupal Security Team
- Alex Pott of the Drupal Security Team
- xjm of the Drupal Security Team
- Damien McKenna of the Drupal Security Team
- David Snopek of the Drupal Security Team
- Nathaniel Catchpole of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team