
Drupal admins rushing to patch maximum-severity SQL injection vulnerability
Administrators of the Drupal open-source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s core.
While the vulnerability only affects websites that use the PostgreSQL database, there may be upstream issues with Symfony, a set of PHP packages and web application frameworks used by Drupal, and Twig, an open-source template engine for the PHP programming language. Consequently, Twig was updated to version 3.26.0, and Symfony issued a series of security advisories.
As a result, Drupal urges admins using these applications to update them as well, whether or not the SQL injection vulnerabil...