Security update: Drupal 7.75 & Drupal 8.9.10

Written by Mark Enrega on Monday, November 30, 2020

Drupal has released a critical security update for Drupal 7 and Drupal 8. This update (versions 7.75 & 8.9.10) fixes a vulnerability found by the Drupal security team.

The Drupal project uses the PEAR Archive_Tar library, which has released a security update that impacts Drupal. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them.
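To see whether a site meets the upload condition described above, the following added example (not part of the original advisory or of Drupal itself) scans Drupal 8 exported field configuration for a `file_extensions` setting that admits the listed archive types. It assumes the configuration is available as exported YAML text; the sample configs are constructed, and treating `gz` as the allow-list entry for `.tar.gz` is an assumption.

```python
import re

# Archive extensions named in the advisory. "gz" is an assumption: it is the
# final extension of a .tar.gz upload, which is how an allow-list would admit it.
ARCHIVE_EXTS = {"tar", "tar.gz", "gz", "bz2", "tlz"}

# Matches the file_extensions setting of a Drupal 8 file/image field export.
_EXT_LINE = re.compile(r"^\s*file_extensions:\s*(.*?)\s*$", re.MULTILINE)


def allowed_extensions(yaml_text):
    """Return the set of extensions a field config export allows."""
    exts = set()
    for value in _EXT_LINE.findall(yaml_text):
        value = value.strip("'\"")
        # Drupal stores the list space-separated; tolerate commas and dots too.
        for token in re.split(r"[\s,]+", value):
            token = token.lower().lstrip(".")
            if token:
                exts.add(token)
    return exts


def audit(configs):
    """Map config name -> sorted archive extensions it allows (hits only)."""
    findings = {}
    for name, text in configs.items():
        hits = allowed_extensions(text) & ARCHIVE_EXTS
        if hits:
            findings[name] = sorted(hits)
    return findings


# Constructed sample exports (not from a real site).
SAMPLE_CONFIGS = {
    "field.field.node.article.field_image.yml":
        "field_type: image\nsettings:\n  file_extensions: 'png gif jpg jpeg'\n",
    "field.field.node.release.field_package.yml":
        "field_type: file\nsettings:\n  file_extensions: 'zip tar gz TLZ'\n",
}

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_CONFIGS).items():
        print(f"{name}: allows {', '.join(hits)}")
```

Fields reported here are the ones to review first; the update to 7.75 or 8.9.10 is still required regardless of the result.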

Solution

The latest versions of Drupal (versions 7.75 & 8.9.10) will mitigate the vulnerability. All Drupal websites should be updated to the latest version of Drupal.

Action

All Drupal websites that are hosted with Enrega will be updated by our support team. For more information about the update process, please see our security updates for your website page.

If you have a shared hosting account with CMS support, you can see our progress and the current status on our support page. If you have a custom website that is not in shared hosting, or if you do not have CMS support, we'll let you know by email when we're done.
