Drupal has announced an upcoming core security release and warned that exploit development could begin within hours of the update disclosure. Administrators using Drupal 8 or 9 are urged to prepare for the patch window on May 20 and upgrade to supported releases as soon as the fix is available. #Drupal #DrupalSteward
Keypoints
- Drupal will release a core security update later today.
- Threat actors may weaponize the issue within hours of disclosure.
- Administrators should reserve time for updates on May 20 between 17:00 and 21:00 UTC.
- Drupal 8 and 9 are end-of-life and will not receive patches.
- Sites using Drupal Steward are already protected against known attack vectors.