The Drupal project has released a patch to fix a critical access bypass vulnerability that could put websites at risk of hacking.
The vulnerability does not have the highest severity level based on Drupal’s rating system, but is serious enough that the platform’s developers decided to also release a patch for a version of the content management system that’s no longer officially supported.
