by David Snopek on March 22, 2018 - 9:16am

Yesterday, the Drupal Security Team published PSA-2018-001, announcing that there would be a security release for Drupal 7 & 8 on March 28th to fix a highly critical security vulnerability.

The same vulnerability also affects Drupal 6, and so there will also be a Drupal 6 security release shortly after the Drupal 7 & 8 security advisory is published.

We'll be announcing that here, on the myDropWizard blog, as well as in the D6LTS issue queue on

If you have any Drupal 6, 7 or 8 sites, we highly recommend setting aside some time on March 28th to update all of your sites!

If you're a myDropWizard customer: we'll be sending you the patch or deploying to your site or making a PR (depending on the workflow you have setup with us) as soon as possible once the security advisory is published. As always, we get all security updates out to our customers the same day they're released! This will be no different :-)

If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.


Want to read more articles like this? blog Subscribe to the blog and recieve e-mail updates when new articles are published!


Thanks for the update.


This is so great guys. Thank you for the amazing work.

Hey what are the vulnerable parameters in drupal 6 because because of some reasons i can't update/patch my site

Hi, pigeon!

1. I don't have an exhaustive list of all possible parameters - nor would we disclose those in a public forum. These sorts of situations are difficult to balance getting security information out but also protecting from too much disclosure for bad actors.

2. I would strongly urge you to update the site somehow. It might be difficult, but even if you have to manually patch the code files individulally, that's the appropriate solution. Future Drupal security builds on these releases!

Add comment