While most people are happily browsing their favorite websites and content across the web, a relatively unknown yet important competition is happening between the major web CMSs. If you are a web developer, you have a stake in this competition, because it has a significant impact on how your website is perceived by the world.
At Drupal Europe 2018, Dries Buytaert, the founder and lead developer of the Drupal content management system announced that Drupal 9 will be released in 2020. Yesterday, he shared a much detailed timeline for Drupal 9, according to which it is planned to release on June 3, 2020.
When Drupal 9 is released, it will be the first major release since sematic versioning and six-month minor release cycles were adopted. When exactly Drupal 9 might get released has only been lightly discussed so far, and while it will likely still be some way off, the earlier we talk properly about it, the better prepared everyone will be when it happens.
Drupal issued an update to patch a vulnerability in its Symfony library that if exploited would give an attacker to gain access to higher level caches and web servers.
The issue, CVE-2018-14773, effects many Symfony versions, 2.7.0 to 2.7.48, 2.8.0 to 2.8.43, 3.3.0 to 3.3.17, 3.4.0 to 3.4.13, 4.0.0 to 4.0.13 and 4.1.0 to 4.1.2 versions of the Symfony HttpFoundation component. This issue is resolved by updating to 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, and 4.1.3.
A set of high-severity vulnerabilities in Drupal that were disclosed last month are now the target of widespread attacks by a malware campaign.
Researcher Troy Mursch of Bad Packets Report has spotted hundreds of compromised Drupal sites being used to host "cryptojacking" malware that uses the CPUs of visitors to mine cryptocurrency via CoinHive.
After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining.
After scrambling to patch a critical vulnerability late last month, Drupal is at it again.
The open source content management project has issued an unscheduled security update to augment its previous patch for Drupalgeddon2.
There was also a cross-site scripting bug advisory in mid-April.
Five hours after the Drupal team published a security update for the Drupal CMS, hackers have found a way to weaponize the patched vulnerability, and are actively exploiting it in the wild.
This vulnerability should not be confused with Drupalgeddon 2 (CVE-2018-7600), another Drupal CMS security issue patched last month, which is also heavily exploited. This issue —tracked as CVE-2018-7602— was patched today.
ModuleLink: https://www.drupal.org/project/commerce_royalpay
Implements [Royal Pay](https://www.royalpay.com.au/) payment services for use with
[Drupal Commerce](http://drupal.org/project/commerce).
