Drupal Core - Security Update - SA-CORE-2014-005

For those who are not aware, there was a highly vulnerable Drupal security update released on October 15, 2014. Those running Drupal on campus should follow upgrade procedures as soon as possible.

One important caveat for this particular vulnerability is, as Doug Curtis of OIT Webhosting states:

  • Sites in OIT's web hosting are behind a web application firewall (WAF) that blocks SQL injections. While this is a good stop gap measure, you should still upgrade your Drupal install to the latest. This gives you some time to do the upgrade without having to rush things. 

Pre-existing security measures put into place by OIT's Webhosting team block this type of vulnerability.