Changelog #18

A security patch is available for the Webform module for Drupal 8/9

The webform module enables you to build forms and surveys in Drupal.

The module doesn't sufficiently check access for administrative features for webforms attached to nodes using the Webform Node module. This may reveal submitted data or allow an attacker to modify submitted data. Additionally, for sites with webforms that send emails and store submissions this vulnerability would allow an attacker to use the site as an email relay (i.e. sending arbitrary emails). Please update sites using this module as soon as possible.

If a site is still using Drupal 8, the patch is available now on the Pantheon Dashboard.

If a site is using Drupal 9, please go to the site's Pantheon Dashboard and select the 'check now' option to 1) Scan through available updates and 2) apply the Webform update. We recommend doing this in a Multidev before applying the update on the Dev environment.

Changelog #18

Related topics