Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update that may affect some Drupal sites.
At the moment, it is not very clear how exactly this vulnerability can be exploited, so we recommend that you update your sites as soon as possible.
Install the latest version:
If you are using Drupal 9.3, update to Drupal 9.3.9.
If you are using Drupal 9.2, update to Drupal 9.2.16.
All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage.
Note that Drupal 8 has reached its end of life.
Leave a comment