SA-CORE-2018-002: All our websites are secure

Drupal Security

One week after the Drupal security team announcement, the security update SA-CORE-2018-002 was released.

All Drupal 6, Drupal 7, Drupal 8 websites were affected and vulnerable, and therefore needed an immediate update. 

After two hours we already had all our websites updated and all our client's websites were secure.

Drupal is an outstanding example in dealing with security issues transparently. With a dedicated team, standardised security issue reporting and mitigation processes, security announcements and scheduled bugfix releases, it implements all key components to minimise risks.

We also wanted to say "Thank you!" to everybody that was involved in this issue.
With your work we can keep Drupal secure and on such a high level.

By the way, this case is a good example why we recommend a hosting provider specialised on Drupal like platform.sh: all websites are automatically protected against this vulnerability on network level.