Today, there is a Moderately Critical security release for Drupal core and CTools to fix a Cross-Site Scripting (XSS) vulnerability. You can learn more in the security advisory:
Drupal core – Moderately critical – Cross-site scripting – SA-CORE-2020-007
Here you can download:
- The Drupal 6 core patch, or a full release ZIP or TAR.GZ
- The CTools patch, or a full release ZIP or TAR.GZ
If you have a Drupal 6 site, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. 🙂
FYI, there were other Drupal core security advisories made today, but those don’t affect Drupal 6.
If you’d like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they’re released, please check out our D6LTS plans.
Note: if you use the myDropWizard module (totally free!), you’ll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won’t necessarily have a release on Drupal.org).