Drupal has patched two critical vulnerabilities in version 8 of the content management system.
The bugs include a cross-site scripting flaw and another allowing non-admin but privileged users to download data configuration reports.
Other flaws allowed some attackers to expose comments to different levels of visibility.
Harden your Drupal by installing the new version 8.1.10, available here. ®