Drupal Core - 3rd-party libraries -SA-CORE-2018-005

* Advisory ID: SA-CORE-2018-005
* Project: Drupal core
* Version: 8.x
* CVE: CVE-2018-14773
* Date: 2018-August-01


The Drupal project uses the Symfony library. The Symfony library has released
a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.

The same vulnerability also exists in the Zend Feed and Diactoros libraries
included in Drupal core; however, Drupal core does not use the vulnerable
functionality. If your site or module uses Zend Feed or Diactoros directly,
read the Zend Framework security advisory and update or patch as needed.

The Drupal Security Team would like to to thank the Symfony and Zend Security
teams for their collaboration on this issue.


8.x versions before 8.5.6.


Upgrade to Drupal 8.5.6.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive
security coverage.

Add new comment