Drupal 10.1.4 Security Update
Incident Report for Pantheon Operations
Resolved
Drupal core security releases 10.1.4, 10.0.11 and 9.5.11 address a cache poisoning vulnerability. See https://drupal.org/sa-core-2023-006 for details. Pantheon engineering is investigating whether our CDN and WAF layers already provide, or can provide, additional mitigation for this particular vulnerability. Our investigation so far has found that this Drupal vulnerability can be reproduced on some sites running on Pantheon that have not applied the security update, including sites running Drupal 8.7.0 and later. Please upgrade your Drupal sites to secure versions as soon as possible.
Posted Sep 20, 2023 - 12:44 PDT