Drupal has released security updates to address information disclosure vulnerability affecting Drupal versions 9.4, 9.5 and 10.0.

According to Drupal security advisory, users are recommended to install the latest version:

• If you are using Drupal 10.0, update to Drupal 10.0.2.
• If you are using Drupal 9.5, update to Drupal 9.5.2.
• If you are using Drupal 9.4, update to Drupal 9.4.10.

Drupal has also released security updates to address information disclosure vulnerabilities affecting Entity Browser, Media Library Block and Media Library Form API Element modules for Drupal 9 and 10. Fixes for these vulnerabilities are included in Entity Browser 8.x-2.9, Media Library Block 1.0.4, Media Library Form API Element 2.0.6.

More information on vulnerabilities and updates is available in Drupal security advisories:

• SA-CORE-2023-001
• SA-CONTRIB-2023-002
• SA-CONTRIB-2023-003
• SA-CONTRIB-2023-004