Drupal Aid

Drupal Aid Drupal Support and Maintenance Services. We love Drupal and provide Unlimited support, maintenance, Drupal Support and Maintenance Services

05/20/2026

Drupal published a critical security update for core today. A few things make this one stand out:

1. "Core" means Drupal itself — not a module. Every Drupal site is affected.
2. Drupal backported the patch to Drupal 8 and Drupal 9, even though both have been end-of-life for years. They effectively never do this. That's how high-risk this advisory is.
3. Fixed versions are published for every branch from Drupal 8 through Drupal 11: 8.9.21, 9.5.12, 10.5.10, 10.6.9, 11.2.12, 11.3.10.

What to do:
→ If your site is on our maintenance plan, no action needed on your end. We're already scheduling the deployment with proper testing and rollback in place.
→ If you don't have ongoing maintenance, please reach out today — critical-severity patches close exploit windows that open within days of release.

Even if your site is on a Drupal version you thought was unsupported, a patch exists for it. Don't ignore this one.

05/13/2026

Security update for Drupal sites.

Date iCal (date_ical) needs to be updated to version 4.0.15.

The issue: Without the update, someone could potentially see private information they shouldn't have access to.

This applies to Drupal 10/11 sites.

Colorbox Inline (colorbox_inline) needs to be updated to version 2.1.1.

The issue: Without the update, someone could potentially inject malicious code that runs in visitors' browsers.

This applies to Drupal 10/11 sites.

Translate Drupal with GTranslate (gtranslate) needs to be updated to version 3.0.5.

The issue: Without the update, someone could potentially compromise your site's security.

This applies to Drupal 10/11 sites.

This only affects sites using these specific modules. If you're not sure whether your site uses them, we can help you check.

04/15/2026

Drupal released a security update today.

Drupal core (core) has a CRITICAL security issue that could let someone inject malicious code that runs in visitors' browsers.

If you have this module on your site:
- Versions below 11.3.7 and 10.6.7 are affected
- Update to version 11.3.7 or 10.6.7
- This applies to Drupal 10/11 sites

If you don't have this module installed, no action needed.

03/18/2026

Security update for Drupal sites.

Automated Logout (autologout) needs to be updated to version 1.7.0 or 2.0.2.

The issue: Without the update, someone could potentially trick an admin into performing unwanted actions.

This applies to Drupal 10/11 sites.

This only affects sites using this specific module. If you're not sure whether your site uses it, we can help you check.

03/11/2026

Drupal released a security update today.

Unpublished Node Permissions (unpublished_node_permissions) has a security issue that could let someone access parts of your site they shouldn't be able to see.

If you have this module on your site:
- Versions below 1.7.0 are affected
- Update to version 1.7.0
- This applies to Drupal 10/11 sites

AI (Artificial Intelligence) (ai) has a security issue that could let someone see private information they shouldn't have access to.

If you have this module on your site:
- Versions below 1.2.12 are affected
- Update to version 1.2.12
- This applies to Drupal 10/11 sites

If you don't have this module installed, no action needed.

03/04/2026

Drupal released a security update today.

OpenID Connect / OAuth client (openid_connect) has a security issue that could let someone access parts of your site they shouldn't be able to see.

If you have this module on your site:
- Versions below 1.5.0 are affected
- Update to version 1.5.0
- This applies to Drupal 10/11 sites

Google Analytics GA4 (ga4_google_analytics) has a security issue that could let someone inject malicious code that runs in visitors' browsers.

If you have this module on your site:
- Versions below 1.1.13 are affected
- Update to version 1.1.13
- This applies to Drupal 10/11 sites

Calculation Fields (calculation_fields) has a security issue that could let someone inject malicious code that runs in visitors' browsers.

If you have this module on your site:
- Versions below 1.0.4 are affected
- Update to version 1.0.4
- This applies to Drupal 10/11 sites

If you don't have this module installed, no action needed.

02/25/2026

Drupal released a security update today.

Islandora (islandora) has a security issue that could let someone inject malicious code that runs in visitors' browsers.

If you have this module on your site:
- Versions below 2.17.5 are affected
- Update to version 2.17.5
- This applies to Drupal 10/11 sites

CAPTCHA (captcha) has a security issue that could let someone access parts of your site they shouldn't be able to see.

If you have this module on your site:
- Versions below 1.17.0 are affected
- Update to version 1.17.0
- This applies to Drupal 10/11 sites

Anti-Spam by CleanTalk (cleantalk) has a security issue that could let someone inject malicious code that runs in visitors' browsers.

If you have this module on your site:
- Versions below 9.7.0 are affected
- Update to version 9.7.0
- This applies to Drupal 9 sites

If you don't have this module installed, no action needed.

02/11/2026

Drupal released a security update today.

UI Icons (ui_icons) has a security issue that could let someone inject malicious code that runs in visitors' browsers.

If you have this module on your site:
- Versions below 1.0.1 are affected
- Update to version 1.0.1
- This applies to Drupal 10/11 sites

Quick Edit (quickedit) has a security issue that could let someone inject malicious code that runs in visitors' browsers.

If you have this module on your site:
- Versions below 2.0.1 are affected
- Update to version 2.0.1
- This applies to Drupal 10/11 sites

If you don't have this module installed, no action needed.

02/04/2026

Drupal Security Update Released

The Login Disable module has a new security patch (SA-CONTRIB-2026-008). The vulnerability could allow authentication bypass through alternative endpoints.

If you use this module on your Drupal 10 or 11 site:
- Update to version 2.1.3
- Severity is rated Less Critical
- Only affects sites with this module installed

If you do not have the Login Disable module installed, no action is needed.

Questions about whether your site is affected? We are happy to check for you.

01/28/2026

Drupal released a security update today.

Central Authentication System (CAS) Server (cas_server) has a security issue that could let someone compromise your site's security.

If you have this module on your site:
- Versions below 2.1.2 are affected
- Update to version 2.1.2
- This applies to Drupal 10/11 sites

Drupal Canvas (canvas) has a security issue that could let someone access parts of your site they shouldn't be able to see.

If you have this module on your site:
- Versions below 1.0.4 are affected
- Update to version 1.0.4
- This applies to Drupal 10/11 sites

If you don't have this module installed, no action needed.

Address

Pittsburgh, PA
