Drupal Security Updates for Drupal Core

Drupal released a security update for Drupal Core 8.x versions prior to 8.2.8 and 8.3.1 to address a critical access bypass vulnerability, CVE-2017-6919. If exploited successfully, an attacker could obtain sensitive information. Those running Drupal 8.2.7 should update to 8.2.8 and those running Drupal 8.3.0 should update to 8.3.1 to patch the vulnerability. The NJCCIC recommends users and administrators review the Drupal Security Advisory and apply necessary updates.