Drupal Aid
Share
Drupal Support and Maintenance Services. We love Drupal and provide Unlimited support, maintenance, Drupal Support and Maintenance Services
06/10/2026
Security update for Drupal sites.
Examples for Developers (examples) needs to be updated to version 4.0.6.
The issue: Without the update, someone could potentially access parts of your site they shouldn't be able to see.
This applies to Drupal 10/11 sites.
Tagify (tagify) needs to be updated to version 1.2.52.
The issue: Without the update, someone could potentially inject malicious code that runs in visitors' browsers.
This applies to Drupal 10/11 sites.
This only affects sites using this specific module. If you're not sure whether your site uses it, we can help you check.
06/03/2026
Drupal released a security update today.
Anti-Spam by CleanTalk (cleantalk) has a security issue that could let someone compromise your site's security.
If you have this module on your site:
- Versions below 9.7.1 are affected
- Update to version 9.7.1
- This applies to Drupal 9 sites
Commerce Core (core) has a security issue that could let someone compromise your site's security.
If you have this module on your site:
- Versions below 3.3.6 are affected
- Update to version 3.3.6
- This applies to Drupal 10/11 sites
TacJS (tacjs) has a security issue that could let someone compromise your site's security.
If you have this module on your site:
- Versions below 6.8.0 are affected
- Update to version 6.8.0
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
Drupal published a critical security update for core today. A few things make this one stand out:
1. "Core" means Drupal itself — not a module. Every Drupal site is affected.
2. Drupal backported the patch to Drupal 8 and Drupal 9, even though both have been end-of-life for years. They effectively never do this. That's how high-risk this advisory is.
3. Fixed versions are published for every branch from Drupal 8 through Drupal 11: 8.9.21, 9.5.12, 10.5.10, 10.6.9, 11.2.12, 11.3.10.
What to do:
→ If your site is on our maintenance plan, no action needed on your end. We're already scheduling the deployment with proper testing and rollback in place.
→ If you don't have ongoing maintenance, please reach out today — critical-severity patches close exploit windows that open within days of release.
Even if your site is on a Drupal version you thought was unsupported, a patch exists for it. Don't ignore this one.
Security update for Drupal sites.
Date iCal (date_ical) needs to be updated to version 4.0.15.
The issue: Without the update, someone could potentially see private information they shouldn't have access to.
This applies to Drupal 10/11 sites.
Colorbox Inline (colorbox_inline) needs to be updated to version 2.1.1.
The issue: Without the update, someone could potentially inject malicious code that runs in visitors' browsers.
This applies to Drupal 10/11 sites.
Translate Drupal with GTranslate (gtranslate) needs to be updated to version 3.0.5.
The issue: Without the update, someone could potentially compromise your site's security.
This applies to Drupal 10/11 sites.
This only affects sites using this specific module. If you're not sure whether your site uses it, we can help you check.
04/15/2026
Drupal released a security update today.
Drupal core (core) has a CRITICAL security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 11.3.7 and 10.6.7 are affected
- Update to version 11.3.7 and 10.6.7
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
03/18/2026
Security update for Drupal sites.
Automated Logout (autologout) needs to be updated to version 1.7.0 and 2.0.2.
The issue: Without the update, someone could potentially trick an admin into performing unwanted actions.
This applies to Drupal 10/11 sites.
This only affects sites using this specific module. If you're not sure whether your site uses it, we can help you check.
03/11/2026
Drupal released a security update today.
Unpublished Node Permissions (unpublished_node_permissions) has a security issue that could let someone access parts of your site they shouldn't be able to see.
If you have this module on your site:
- Versions below 1.7.0 are affected
- Update to version 1.7.0
- This applies to Drupal 10/11 sites
AI (Artificial Intelligence) (ai) has a security issue that could let someone see private information they shouldn't have access to.
If you have this module on your site:
- Versions below 1.2.12 are affected
- Update to version 1.2.12
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
03/04/2026
Drupal released a security update today.
OpenID Connect / OAuth client (openid_connect) has a security issue that could let someone access parts of your site they shouldn't be able to see.
If you have this module on your site:
- Versions below 1.5.0 are affected
- Update to version 1.5.0
- This applies to Drupal 10/11 sites
Google Analytics GA4 (ga4_google_analytics) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 1.1.13 are affected
- Update to version 1.1.13
- This applies to Drupal 10/11 sites
Calculation Fields (calculation_fields) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 1.0.4 are affected
- Update to version 1.0.4
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
02/25/2026
Drupal released a security update today.
Islandora (islandora) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 2.17.5 are affected
- Update to version 2.17.5
- This applies to Drupal 10/11 sites
CAPTCHA (captcha) has a security issue that could let someone access parts of your site they shouldn't be able to see.
If you have this module on your site:
- Versions below 1.17.0 are affected
- Update to version 1.17.0
- This applies to Drupal 10/11 sites
Anti-Spam by CleanTalk (cleantalk) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 9.7.0 are affected
- Update to version 9.7.0
- This applies to Drupal 9 sites
If you don't have this module installed, no action needed.
02/11/2026
Drupal released a security update today.
UI Icons (ui_icons) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 1.0.1 are affected
- Update to version 1.0.1
- This applies to Drupal 10/11 sites
Quick Edit (quickedit) has a security issue that could let someone inject malicious code that runs in visitors' browsers.
If you have this module on your site:
- Versions below 2.0.1 are affected
- Update to version 2.0.1
- This applies to Drupal 10/11 sites
If you don't have this module installed, no action needed.
Click here to claim your Sponsored Listing.