Tuesday 01 June 2021
The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.
What you need to know:
Drupal has released security updates to patch Cross Site Scripting (XSS) vulnerabilities on CKEditor enabled Drupal websites.
Drupal 8.9, 9.0, and 9.1
Versions of Drupal 9 prior to 8.9.x have already reached end-of-life and do not receive security coverage.
Actions to be taken:
Administrators are advised to install the security updates:
- For 9.1 users, update to 9.1.9.
- For 9.0 users, update to 9.0.14.
- For 8.9 users, update to 8.9.16.