Drupal has issued a security update which resolves three security flaws, two of which are deemed critical.
Earlier this week, the open-source website content management system (CMS) released a security advisory detailing the latest security issues which have been both discovered and fixed.
The three vulnerabilities, assigned as SA-CORE-2016-004, affect versions 8.x of the CMS and users are now advised to upgrade to Drupal 8.1.10.
The first bug, considered the least dangerous of the three, is a problem which allows users without admin rights to set comment visibility on nodes they have rights to edit. By default, these user accounts should not be able to made these changes.