Drupal 8.6.6
16 January 2019
Drupal version 8.6.6 is now available (security release).
Upgrading to Drupal 8.6.6
Drupal 8.6.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 8.6.6 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 8.6.6
Security
- Drupal core - Third Party Libraries - SA-CORE-2019-001 - Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
- Drupal core - Arbitrary PHP code execution - SA-CORE-2019-002 - Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to a remote code execution vulnerability which exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.