[IDA] All sites updated, Core/Module security vulnerabilities

  • Posted on: 20 February 2019
  • By: Michael

Hello All,

Your Drupal site has been updated today for one or more of the following:

- Drupal core - Highly critical - Remote Code Execution

- Font Awesome Icons - Critical - Remote Code Execution

- Translation Management Tool - Critical - Remote Code Execution

- Paragraphs - Critical - Remote Code Execution

- Video - Critical - Remote Code Execution

- Metatag - Critical - Remote code execution

- Link - Critical - Remote Code Execution

- JSON:API - Highly critical - Remote code execution

- RESTful Web Services - Critical - Access bypass

# # # # #

These security issues affect all sites.  We apply all security releases
immediately to address as best as possible as yet undiscovered security

# # #

[ X ]
Other available module updates were not applied at this time.  Your full
update will be performed at your regularly scheduled time.

# # #

[ X ]
All other available, non-blacklisted [1], module updates were applied at the
same time.  If you have the:

* Webform and/or
* Media

modules on your site they (and their associated support modules) were updated
at this time.  Please run though a test submission and/or post to verify your
specific Webform and/or WYSIWYG setups are functioning correctly.

If you have the:

* Nodeaccess

modules on your site it was updated at this time.  Your Node Access
Permissions were rebuilt after the module update.  Please verify your node
(aka webpage) Grants are functioning correctly.

This full update will fulfill your regularly scheduled quarterly site update.

# # # # #

IDA routine QA has been applied, but please do preform your individual QA(s).  
If you find any issues, send them my way. [2]

Best Regards Everyone,


Internet Design Alliance, owner
Hours (US CST):  Mon - Thur, 8am - 6pm | Fri, 8am - Noon
Emergency calls:  24x7

[1] Blacklisted modules are updated as soon as the issue(s) causing them to be
blacklisted is resolved, and do not affect your quarterly site update

[2] As always full site backups are made prior to any maintenance.  This
allows for a full rollback so problematic modules can be isolated and
successful modules can be updated normally.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
You know what to do... An image you see? there is one finger less than two hands of items to find. (We sincerely apologize for using image CAPTCHA, hint go low, and bots suck...)
Enter the characters shown in the image.