View online: https://www.drupal.org/PSA-2016-002
* Advisory ID: DRUPAL-PSA-2016-002 * Project: Drupal * Version: 8.x * Date: 2016-July-17 * Security risk: TBD * Vulnerability: TBD
-------- DESCRIPTION ---------------------------------------------------------
We will be doing a Drupal 8 core patch release on Monday, July 18th. This will occur between 14:15 UTC and 19:00 UTC.
There will not be a Drupal 7 release during this window.
-------- WHY IS THIS RELEASE BEING ISSUED? -----------------------------------
The Drupal security team has learned that a third-party Drupal 8 dependency will be making a security release on Monday, July 18th and in accordance we will be making a Drupal 8 release soon after. We will not disclose details of the third-party update in advance of that release and cannot respond to requests for further information. This security release is for the dependency only and only affects Drupal 8 sites. Other mitigating factors will be included with our published SA.
-------- WHAT ABOUT THE REGULARLY SCHEDULED RELEASE WINDOW ON WEDNESDAY, JULY 20? -----------------------------------------------------------------
We are moving the regularly scheduled window two days earlier to provide the third-party dependency update, so this replaces that window.
There will not be another core release on Wednesday, July 20th.
-------- CONTACT AND MORE INFORMATION ----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact [1].
Learn more about the Drupal Security team and their policies [2], writing secure code for Drupal [3], and securing your site [4].
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [5]
[1] https://www.drupal.org/contact [2] https://www.drupal.org/security-team [3] https://www.drupal.org/writing-secure-code [4] https://www.drupal.org/security/secure-configuration [5] https://twitter.com/drupalsecurity