13 August 2021
Drupal version 9.2.4 is now available.
Upgrading to Drupal 9.2.4
Drupal 9.2.4 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Drupal updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Drupal install to test the 9.2.4 upgrade prior to applying it live. Get started managing your Drupal installations with Installatron
What's New in Drupal 9.2.4
Drupal core - Critical - Third-party library - SA-CORE-2021-005
The Drupal project uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal.
Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.