Drupal released a point update for its core engine to patch a critical access bypass vulnerability.
Source: Threadpost