Drupal announce new security update
22/01/2013
A security update has been made available for the open source CMS system Drupal to fixe recent vulnerabilities in the system. This is classed as a highly critical update as a serious cross site scripting vulnerability was discovered.
This highly critical Drupal update was announced on January 16th 2013. It is reference as SA-CORE-2013-001. It affects all versions of Drupal, that I 6.x and 7.x
This has occurred in recent jQuery functionality added – so recent websites with modern looking jQuery interactions and displays are particularly at risk.
For those interested in the technical detail, the JQuery library included within the Drupal core versions allows unexpected user input passed in a function into jQuery to insert HTML into the page instead of the intended behaviour of selecting DOM elements. This is a form of cross site scripting (XSS).
As this impacts anything using JQuery within Drupal, virtually all multiple core and contributed modules are affected, so everyone should implement this update. If you have a web design or maintenance company looking after your website, ensure they have updated the code of your CMS.
Drupal Updates last year
This is the first Drupal security update of 2013 – in 2012 there were 4 serious updates released to deal with critical security issues.